6 matches found
CVE-2026-48557
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
CVE-2026-48557
The CVE affects Spatie Laravel Media Library prior to 11.23.0. In FileAdder::defaultSanitizer(), the file upload filter only checks the final filename suffix, allowing double-extension names like shell.php.jpg to bypass the blocklist, since inner .php stems are preserved by pathinfo(). The blockl...
CVE-2026-48555 Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl()
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
EUVD-2026-33418
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl method in InteractsWithMedia.php...
Laravel Media Library Pro 2.1.6 Shell Upload Vulnerability
Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...
Laravel Media Library Pro 2.1.6 Shell Upload
Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...