This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
References
Link | Resource |
---|---|
https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26 | Broken Link Third Party Advisory |
https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975 | |
https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2021-12-17T00:00:00
Updated: 2023-12-07T17:38:31.581999
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23814
JSON object: View
NVD Information
Status : Modified
Published: 2021-12-17T20:15:08.340
Modified: 2023-12-07T18:15:07.247
Link: CVE-2021-23814
JSON object: View
Redhat Information
No data.
CWE