unisharp/laravel-filemanager
Packagist
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting unisharp/laravel-filemanager (page 1 of 1)
- CVE-2021-23814 | MEDIUM | CVSS 6.7 | EG 6.7 | ✓ Fixed in 2.6.2 | 2021-12-17
vulnerable: 0.1.0 ... v2.6.1 (63 versions)
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a pac…
- CVE-2022-40734 | MEDIUM | CVSS 6.5 | EG 9.0 | ✓ Fixed in 2.6.4 | 2022-09-14
vulnerable: 0.1.0 ... v2.6.3 (65 versions)
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.
- CVE-2024-21546 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.9.1 | 2024-12-18
vulnerable: 0.1.0 ... v2.9.0 (71 versions)
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute …