High severity8.8NVD Advisory· Published Apr 5, 2026· Updated Apr 16, 2026

CVE-2019-25673

Description

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/UniSharp/laravel-filemanager/issues/356nvd
www.exploit-db.com/exploits/46389nvd
www.vulncheck.com/advisories/unisharp-laravel-file-manager-alpha7-arbitrary-file-uploadnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000