VYPR

Packagist (Composer) package

unisharp/laravel-filemanager

pkg:composer/unisharp/laravel-filemanager

Vulnerabilities (3)

  • CVE-2024-21546 · Cri · Dec 18, 2024
    affected < 2.9.1 · fixed 2.9.1

    Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.

  • CVE-2022-40734 · Sep 14, 2022
    affected < 2.6.4 · fixed 2.6.4

    UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.

  • CVE-2021-23814 · Dec 17, 2021
    affected < 2.6.2 · fixed 2.6.2

    This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. N