Unisharp: Security Vulnerabilities
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.
CVSS Score
6.5
EPSS Score
0.929
Published
2022-09-14
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading.
An attacker may be able to reproduce the following steps:
1. Install a package with a web Laravel application.
2. Navigate to the Upload window
3. Upload an image file, then capture the request
4. Edit the request contents with a malicious file (webshell)
5. Enter the path of file uploaded on URL - Remote Code Execution
**Note:** Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
CVSS Score
6.7
EPSS Score
0.021
Published
2021-12-17