Intel

AIKIDO-2024-10395

unisharp/laravel-filemanager is vulnerable to Unrestricted Upload of File with Dangerous Type

Unrestricted Upload of File with Dangerous TypeCVE-2024-21546 Published Oct 31, 2024

89

High Risk

This Affects:

phpunisharp/laravel-filemanager
1.0.0 - 2.9.0
Fixed in 2.9.1
Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to uploading files with a dangerous type. Without additional security measures, users can upload executable files, potentially leading to the execution of malicious code on the server.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

unisharp/laravel-filemanager is vulnerable to Unrestricted Upload of File with Dangerous Type in versions 1.0.0 - 2.9.0.

How to fix this

Upgrade the unisharp/laravel-filemanager library to the patch version.