unisharp/laravel-filemanager is vulnerable to arbitrary file upload attacks. The vulnerability exists through UploadController.php
where the ‘upload()’ function does not properly validate the upload files, allowing an attacker to upload a malicious crafted file and remotely execute arbitrary code on system.