Unisharp Laravel-Filemanager vulnerabilities
3 known vulnerabilities affecting unisharp/laravel-filemanager.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2022-40734 | P2 | MEDIUM | Exploited | PoC | ≥ 0, < 2.6.4 | 2022-09-15
CVE-2022-40734 [MEDIUM] CWE-22 UniSharp Laravel Filemanager directory traversal vulnerability
UniSharp laravel-filemanager (aka Laravel Filemanager) with `league/flysystem` version `= 2.0.0`.
ghsa, osv
CVE-2021-23814 | P3 | HIGH | CVSS 8.8 | ≥ 0.0.0, fixed in 2.6.2 | 2021-12-17
CVE-2021-23814 [HIGH] CWE-94
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload window 3. Upload an image file, then capture the reque
ghsa, nvd, osv
CVE-2024-21546 | P3 | CRITICAL | CVSS 9.8 | fixed in 2.9.1 | 2024-12-18
CVE-2024-21546 [CRITICAL] CWE-94
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.
ghsa, nvd, osv