CVE-2022-40734
packagist/unisharp/laravel-filemanager
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.
All versions up to 2.5.1
Upgrade to version 2.6.0 or above.
2022-09-19
source |