Homepage
About Snyk

Arbitrary File Upload Affecting unisharp/laravel-filemanager package, versions <2.6.2

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.19% (58th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199
  • published 16 Dec 2021
  • disclosed 18 Aug 2021
  • credit Huy Nguyen
Report a new vulnerability Found a mistake?

Introduced: 18 Aug 2021

CVE-2021-23814 Open this link in a new tab
CWE-94 Open this link in a new tab
First added by Snyk

How to fix?

Upgrade unisharp/laravel-filemanager to version 2.6.2 or higher.

Overview

unisharp/laravel-filemanager is an A file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE.

Affected versions of this package are vulnerable to Arbitrary File Upload. The upload() function does not sufficiently validate the file type when uploading.

An attacker may be able to reproduce the following steps:

  • Install a package with a web Laravel application.
  • Navigate to the Upload window
  • Upload an image file, then capture the request
  • Edit the request contents with a malicious file (webshell)
  • Enter the path of file uploaded on URL - Remote Code Execution

Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the here.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
6.7 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    Low
Expand this section

NVD

8.8 high