CVE-2019-25673
- EPSS 0.07%
- Veröffentlicht 05.04.2026 20:45:25
- Zuletzt bearbeitet 16.04.2026 16:15:56
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files wi...
CVE-2024-21546
- EPSS 2.44%
- Veröffentlicht 18.12.2024 06:15:22
- Zuletzt bearbeitet 15.04.2026 00:35:42
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious c...
CVE-2021-23814
- EPSS 2.09%
- Veröffentlicht 17.12.2021 20:15:08
- Zuletzt bearbeitet 17.06.2025 12:15:20
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a...