Опубликовано: 04 дек. 2025
Источник: github
Github: Прошло ревью
CVSS4: 7.7
CVSS3: 9.1
Описание
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.
Пакеты
Наименование
alexusmai/laravel-file-manager
composer
Затронутые версииВерсия исправления
<= 3.3.1
Отсутствует
Связанные уязвимости
CVSS3: 9.1
nvd
2 месяца назад
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.