CVE-2022-40734
Published 2022-09-14
Priority P2 · 73 · medium · 6.5 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.06% (89.4th percentile)
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unisharp | laravel-filemanager | >= 0 < 2.6.4 | 2.6.4 |
| unisharp | laravel_filemanager | <= 2.5.1 | — |
Detection & IOCs (extracted from sources)
- URL: /download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd
- URL: /laravel-filemanager/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd
- Look for HTTP GET requests containing 'download?working_dir=%2F..' with path traversal sequences targeting sensitive files such as /etc/passwd
- Shodan/FOFA fingerprinting: identify exposed Laravel Filemanager instances via HTML body content 'Laravel Filemanager' or 'laravel filemanager'
- Successful exploitation response will contain Unix /etc/passwd content; match on regex pattern 'root:[x*]:0:0' in HTTP responses
- Monitor both /download and /laravel-filemanager/download endpoints for the 'working_dir', 'type', and 'file' query parameters used in traversal exploitation
- The vulnerability requires authenticated access (PR:L in CVSS), meaning the attacker must have low-privilege credentials to exploit the directory traversal
- This CVE was actively exploited in the wild as of June 2022 and carries a very high EPSS score (91.7%), indicating high real-world exploitation probability
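A log-side check for the detection guidance above, added here as an example that is not from the page or the UniSharp project: it flags GET requests to the two download endpoints whose working_dir or file value decodes to a '..' segment (also when double-encoded), and tests a response body against the page's 'root:[x*]:0:0' regex. The combined-format log lines are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoints and query parameters named in the page's detection guidance.
DOWNLOAD_PATHS = ("/download", "/laravel-filemanager/download")
TRAVERSAL_PARAMS = ("working_dir", "file")
# A ".." path segment after URL decoding, e.g. "/../../etc".
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")
# The page's regex for /etc/passwd content in a response body.
PASSWD_RE = re.compile(r"root:[x*]:0:0")


def is_traversal_request(request_line: str) -> bool:
    """True if a GET to a download endpoint has a '..' segment in working_dir/file."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return False
    url = urlsplit(parts[1])
    if not url.path.endswith(DOWNLOAD_PATHS):
        return False
    params = parse_qs(url.query)  # decodes %2F -> "/" once
    for name in TRAVERSAL_PARAMS:
        for value in params.get(name, []):
            # Decode again so double-encoded "%252e%252e" is caught as well.
            if TRAVERSAL_RE.search(unquote(value)):
                return True
    return False


def scan_access_log(lines):
    """Return the log entries whose request line matches the CVE-2022-40734 pattern."""
    hits = []
    for line in lines:
        match = re.search(r'"(GET [^"]*)"', line)  # request line of a combined-format entry
        if match and is_traversal_request(match.group(1)):
            hits.append(line)
    return hits


def response_leaks_passwd(body: str) -> bool:
    """True if a response body contains /etc/passwd content (the page's regex)."""
    return PASSWD_RE.search(body) is not None


# Constructed sample log lines (not from the page); only the first is a hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jun/2022:10:01:02 +0000] "GET /laravel-filemanager/download'
    '?working_dir=%2F../../../../etc&type=Files&file=passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [20/Jun/2022:10:01:30 +0000] "GET /laravel-filemanager/download'
    '?working_dir=%2Fphotos&type=Files&file=cat.jpg HTTP/1.1" 200 52310',
    '198.51.100.7 - - [20/Jun/2022:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 512',
]
```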
CVSS provenance
- NVD (v3.1): 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 6.5 MEDIUM
OSV
UniSharp Laravel Filemanager directory traversal vulnerability
osv · 2022-09-15 · MEDIUM
UniSharp laravel-filemanager (aka Laravel Filemanager) with `league/flysystem` version `= 2.0.0`.
GHSA
UniSharp Laravel Filemanager directory traversal vulnerability
ghsa · 2022-09-15 · MEDIUM · CWE-22
UniSharp laravel-filemanager (aka Laravel Filemanager) with `league/flysystem` version `= 2.0.0`.
VulnCheck
unisharp laravel_filemanager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2022 · CVSS 6.5 · MEDIUM
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.
Affected: unisharp laravel_filemanager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://www.cve.org/CVERecord?id=CVE-2022-40734
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2022-40734
- https://dashboard.shadowserver.org/statistics/hone
No detection rules found.
Nuclei
Laravel Filemanager v2.5.1 - Local File Inclusion
nuclei · CVSS 6.5 · MEDIUM
Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
Template:
```yaml
id: CVE-2022-40734

info:
  name: Laravel Filemanager v2.5.1 - Local File Inclusion
  author: arafatansari
  severity: medium
  description: |
    Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive data exposure, and remote code execution.
  remediation: |
    Upgrade to a patched version of Laravel Filemanager v2.5.1 or apply the recommended security patches provided by the vendor.
  reference:
    - https://github.com/UniSharp/laravel-filemanager/issues/115
```
References:
- https://github.com/UniSharp/laravel-filemanager/issues/1150
- https://github.com/UniSharp/laravel-filemanager/issues/1150#issuecomment-1320186966
- https://github.com/UniSharp/laravel-filemanager/issues/1150#issuecomment-1825310417