← Back

Laravel Filemanager

laravel-filemanager

Vendor: Unisharp • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-40734
1Unisharp
1Laravel Filemanager
Nov 21, 2024
Sep 14, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysyste...Show more
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.Show less
CVE-2021-23814
1Unisharp
1Laravel Filemanager
Jun 17, 2025
Dec 17, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps...Show more
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload window 3. Upload an image file, then capture the request 4. Edit the request contents with a malicious file (webshell) 5. Enter the path of file uploaded on URL - Remote Code Execution **Note:** Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).Show less