CVE-2022-40734

Description

UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.

Related CPE's

a unisharp laravel_filemanager ********

References

https://github.com/UniSharp/laravel-filemanager/issues/1150

ExploitIssue TrackingThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io