CVE-2022-40734

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in packagist/unisharp/laravel-filemanager

Identifiers

CVE-2022-40734

Package Slug

packagist/unisharp/laravel-filemanager

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.

Affected Versions

All versions up to 2.5.1

Solution

Upgrade to version 2.6.0 or above.

Last Modified

2022-09-19
