CVE-2022-40734

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in packagist/unisharp/laravel-filemanager

Identifiers

CVE-2022-40734

Package Slug

packagist/unisharp/laravel-filemanager

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.

Affected Versions

All versions up to 2.5.1

Solution

Unfortunately, there is no solution available yet.
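
With no fixed version listed, one practical check is to look for the request pattern from the description in web server access logs. The following is an added example, not part of the advisory or the package's code: it flags requests to a download route whose working_dir parameter decodes to a path containing a ".." segment. The combined log format, the /filemanager route prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: combined-log-format lines; the request line is the quoted field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical route prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jun/2022:10:01:02 +0000] "GET /filemanager/download?working_dir=%2F.. HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jun/2022:10:01:05 +0000] "GET /filemanager/download?working_dir=%252F..%252F.. HTTP/1.1" 200 512',
    '192.0.2.10 - - [14/Jun/2022:10:02:00 +0000] "GET /filemanager/download?working_dir=%2Fshares%2Fdocs HTTP/1.1" 200 2048',
    '192.0.2.10 - - [14/Jun/2022:10:02:09 +0000] "GET /filemanager/download?working_dir=%2Fv1..2 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [14/Jun/2022:10:03:00 +0000] "GET /blog?working_dir=%2F.. HTTP/1.1" 200 100',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252F..) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_parent_segment(path):
    """True if any path segment is exactly '..' (forward or back slashes)."""
    return ".." in re.split(r"[\\/]+", path)

def is_traversal_request(target):
    """Flag .../download requests whose working_dir contains a '..' segment."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith("/download"):
        return False
    # parse_qsl already decodes once; decode_fully handles extra encoding layers.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "working_dir" and has_parent_segment(decode_fully(value)):
            return True
    return False

def scan(lines):
    """Return the log lines whose request matches the traversal pattern."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_traversal_request(match.group(1)):
            hits.append(line)
    return hits
```

Matching on a decoded ".." path segment rather than the literal string "%2F.." keeps names such as "v1..2" from being flagged and still catches double-encoded requests.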

Last Modified

2022-09-19
