GSA_kwCzR0hTQS1mOHg2LW05ZjUtZmZwOM0c3g

Moderate EPSS: 0.02089% (0.83215 Percentile) EPSS:

Permalink JSON

Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager

Affected Packages	Affected Versions	Fixed Versions
packagist:unisharp/laravel-filemanager	< 2.6.2	2.6.2
102 Dependent packages 2,559 Dependent repositories 2,963,852 Downloads total Affected Version Ranges All affected versions 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.9.0, 1.9.1, 1.9.2, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1 All unaffected versions 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.10.0, 2.10.1

This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The upload() function does not sufficiently validate the file type when uploading.

An attacker may be able to reproduce the following steps:

Install a package with a web Laravel application.
Navigate to the Upload window
Upload an image file, then capture the request
Edit the request contents with a malicious file (webshell)
Enter the path of file uploaded on URL
Remote Code Execution

**Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the here.

References:

Identifiers

GHSA-f8x6-m9f5-ffp8

CVE-2021-23814

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.02089

EPSS Percentile: 0.83215

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/UniSharp/laravel-filemanager

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories