Description
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type of uploaded files.
An attacker may be able to reproduce the following steps:
- Install the package in a Laravel web application.
- Navigate to the Upload window.
- Upload an image file, then capture the request.
- Edit the request contents to substitute a malicious file (webshell).
- Enter the path of the uploaded file in the URL, resulting in remote code execution.
Note: uploads with dangerous extensions can be prevented by using a whitelist in the config file (lfm.php). The corresponding documentation can be found here.
Vulnerable configurations
Configuration 1: version from 0.0.0 (inclusive)
cpe:2.3:a:unisharp:laravel-filemanager:*:*:*:*:*:*:*:*
EPSS
Percentile: 84%
Score: 0.02089
Severity: Low
CVSS3: 6.7 Medium
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-94
CWE-434
Related vulnerabilities
CVSS3: 6.7
github
about 4 years ago
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager