CVE-2024-0864
moderate-risk
Published 2024-02-29
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.
Do I need to act?
~
4.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: ba4193e4d48b03d349f74353d3a62b50e6ec9264
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Laragon
Affected Vendors
References (6)
Third Party Advisory
https://cert.pl/en/posts/2024/02/CVE-2024-0864
Third Party Advisory
https://cert.pl/posts/2024/02/CVE-2024-0864
Product
https://laragon.org/
Third Party Advisory
https://cert.pl/en/posts/2024/02/CVE-2024-0864
Third Party Advisory
https://cert.pl/posts/2024/02/CVE-2024-0864
Product
https://laragon.org/
44
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
5/34 · Minimal