This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
References
Link | Resource |
---|---|
https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26 | Broken Link Third Party Advisory |
https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975 | |
https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199 | Third Party Advisory |
https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26 | Broken Link Third Party Advisory |
https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975 | |
https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.7 |
References | () https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26 - Broken Link, Third Party Advisory | |
References | () https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975 - | |
References | () https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199 - Third Party Advisory |
07 Dec 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2022, 14:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
References | (CONFIRM) https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199 - Third Party Advisory | |
References | (CONFIRM) https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26 - Broken Link, Third Party Advisory | |
CPE | cpe:2.3:a:unisharp:laravel-filemanager:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
17 Dec 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories). |
17 Dec 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-17 20:15
Updated : 2024-11-21 05:51
NVD link : CVE-2021-23814
Mitre link : CVE-2021-23814
CVE.ORG link : CVE-2021-23814
JSON object : View
Products Affected
unisharp
- laravel-filemanager
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type