2 matches found
CVE-2026-48557
creationtimestamp| type| source ---|---|--- 2026-05-29 21:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzgljjohu2d 2026-05-29 22:28:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmzljfya3722...
CVE-2026-48557 Spatie Laravel Media Library < 11.23.0 File Upload Restriction Bypass via FileAdder.php
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...