An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS02NTY5LTM3ODUtcjN2Ns4ABCib

Severity: High
CVSS: 8.9
EPSS: 0.00267% (0.49967 percentile)

UniSharp Laravel Filemanager Code Injection vulnerability

Affected Package: packagist:unisharp/laravel-filemanager
Affected Versions: < 2.9.1
Fixed Versions: 2.9.1
102 Dependent packages
2,559 Dependent repositories
2,964,818 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.9.0, 1.9.1, 1.9.2, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.9.0

All unaffected versions

2.9.1, 2.10.0, 2.10.1

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE): an uploaded file with a valid MIME type and a "." character appended after the .php file extension passes the upload checks. This allows the attacker to execute malicious code.

References: