2 matches found
Arbitrary Code Injection
Overview unisharp/laravel-filemanager is an A file upload/editor intended for use with Laravel 5 to 6 and CKEditor / TinyMCE. Affected versions of this package are vulnerable to Arbitrary Code Injection through using a valid mimetype and inserting the . character after the php file extension. Thi...
PT-2024-18957
Name of the Vulnerable Software and Affected Versions: unisharp/laravel-filemanager versions prior to 2.9.1 Description: The issue allows for Remote Code Execution RCE through the use of a valid mimetype and inserting the . character after the php file extension, enabling an attacker to execute...