3137 matches found
Directory Traversal
alexusmai laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the zip/archiving functionality, which allows an attacker to create crafted archives that include files and directories outside the intended scope...
Directory Traversal
alexusmai/laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of extraction paths during archive unzip functionality, which allows an attacker to write files to arbitrary locations on the filesystem...
EUVD-2024-55315
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...
CVE-2024-58283
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...
appRain CMF 代码问题漏洞
appRain CMF is a content management framework from appRain Canada. A code issue vulnerability exists in appRain CMF version 4.0.5 that originates from an authenticated user being able to upload a malicious PHP file via the file manager, which could lead to remote code execution...
WBCE CMS 代码问题漏洞
WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. A code issue vulnerability exists in WBCE CMS version 1.6.2 that originates from an authenticated user being able to upload malicious PHP files via the Elfinder file manager, which could lead to...
PT-2025-50532
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
GHSA-Q5HG-WPPQ-R2CC alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65345
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
Laravel File Manager 安全漏洞
Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from the unzip function not adequately validating the extraction path, potentially leading to a directory travers...
EUVD-2025-201169
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
CVE-2025-65346
The CVE affects alexusmai laravel-file-manager up to version 3.3.1, where the unzip/extraction feature lacks proper path validation, enabling directory traversal and potentially writing archive contents to arbitrary filesystem locations. No public fix version is indicated in the provided document...
CVE-2025-65346
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...
PT-2025-49047
Name of the Vulnerable Software and Affected Versions alexusmai laravel-file-manager versions 3.3.1 and below Description The laravel-file-manager software contains a flaw related to directory traversal. The unzip/extraction functionality does not properly validate extraction paths, which allows...
alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...