This affects the package unisharp/laravel-filemanager from 0.0.0.
The upload() function does not sufficiently validate the file type when uploading.

An attacker may be able to reproduce the following steps:

– Install a package with a web Laravel application.
– Navigate to the Upload window
– Upload an image file, then capture the request
– Edit the request contents with a malicious file (webshell)
– Enter the path of file uploaded on URL – Remote Code Execution

**Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](

Source: CVE-2021-23814

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 항목은 *(으)로 표시합니다

Time limit is exhausted. Please reload the CAPTCHA.