CVE-2018-18888

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt