CVE-2021-23814
Published 2021-12-17
Priority: P3 (59) · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.82% (76.1st percentile)
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps:
1. Install the package in a Laravel web application.
2. Navigate to the Upload window.
3. Upload an image file, then capture the request.
4. Edit the request contents with a malicious file (webshell).
5. Enter the path of the uploaded file in the URL, resulting in remote code execution.

**Note:** Prevention of bad extensions can be done by using a whitelist in the config file (lfm.php). The corresponding documentation can be found [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unisharp | laravel-filemanager | < 2.6.2 | 2.6.2 |
| unisharp | laravel-filemanager | >= 0 < 2.6.2 | 2.6.2 |
| unisharp | laravel-filemanager | >= 0.0.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
GHSA · 2022-01-06 · CVE-2021-23814 · severity MEDIUM · CWE-434
This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The `upload()` function does not sufficiently validate the file type when uploading.
An attacker may be able to reproduce the following steps:
- Install the package in a Laravel web application.
- Navigate to the Upload window.
- Upload an image file, then capture the request.
- Edit the request contents with a malicious file (webshell).
- Enter the path of the uploaded file in the URL.
- Remote code execution.

**Note:** Prevention of bad extensions can be done by using a whitelist in the config file (lfm.php). The corresponding documentation can be found [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
OSV
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
OSV · 2022-01-06 · CVE-2021-23814 · severity MEDIUM
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php#L26
- https://github.com/UniSharp/laravel-filemanager/issues/1113
- https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975
- https://github.com/UniSharp/laravel-filemanager/releases/tag/v2.5.1
- https://github.com/UniSharp/laravel-filemanager/releases/tag/v2.6.2
- https://security.snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199
- https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199