Packagist (Composer) package
unisharp/laravel-filemanager
pkg:composer/unisharp/laravel-filemanager
Vulnerabilities (3)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-21546 | Critical | 9.8 | | < 2.9.1 | 2.9.1 | Dec 18, 2024 | Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code. |
| CVE-2022-40734 | — | | | < 2.6.4 | 2.6.4 | Sep 14, 2022 | UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0. |
| CVE-2021-23814 | — | | | < 2.6.2 | 2.6.2 | Dec 17, 2021 | This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. N |