Laravel · CVE-2026-33687
**Name of the Vulnerable Software and Affected Versions**
Sharp versions prior to 9.20.0
**Description**
Sharp, a content management framework for Laravel, has a file-upload validation bypass. The `ApiFormUploadController` accepts a client-controlled `validation rule` parameter and passes it directly to the Laravel validator without adequate server-side checks. An attacker can bypass file type restrictions by manipulating the `validation rule` parameter to include `validation rule[]=file`, which replaces the intended type constraints with a rule that accepts any file. This allows the upload of arbitrary files, potentially including PHP webshells. The vulnerable code is located in `src/Http/Controllers/Api/ApiFormUploadController.php` at line 24. If the storage disk is publicly accessible, this could lead to Remote Code Execution (RCE).
**Recommendations**
Versions prior to 9.20.0 should be updated to version 9.20.0 or later, which removes the client-controlled validation rules and enforces upload rules server-side. As a workaround, ensure the storage disk used for Sharp uploads is strictly private; this limits the impact of an uploaded file (it cannot be fetched and executed through the web server) but does not restore the upload restrictions themselves.
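To make the pattern in the description and the server-side fix in the recommendations concrete, here is an added PHP illustration (not Sharp's own controller code): a hypothetical upload handler written the insecure way, beside a hardened form that fixes the rules server-side and stores to a private disk. The parameter name `validation_rule`, the function names and the allowed extensions are assumptions for the example.

```php
<?php
// Added illustration, not Sharp's code: one hypothetical upload endpoint
// in the insecure shape the advisory describes, and a hardened version.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\File;

// INSECURE: the rule set is read from the request body, so the client can
// replace the intended "image"/"mimes" constraints with a permissive rule
// such as "file", and the validator will happily accept any upload.
function uploadInsecure(Request $request): array
{
    $rules = $request->input('validation_rule', ['required', 'file']); // assumed param name

    Validator::make($request->all(), ['file' => $rules])->validate();

    // Stored on a public disk: a PHP file placed here becomes reachable by URL.
    $path = $request->file('file')->store('uploads', 'public');
    return ['path' => $path];
}

// HARDENED: the rule set is fixed on the server, any client-supplied rules are
// ignored, and the file is written to a private disk, so even a file that
// slips past validation is never served (or executed) by the web server.
function uploadSecure(Request $request): array
{
    $rules = [
        'required',
        File::types(['jpg', 'png', 'pdf'])  // hypothetical allow-list of types
            ->max(10 * 1024),               // size limit in kilobytes (10 MB)
    ];

    // Only the file field is validated; nothing else from the request is trusted.
    Validator::make($request->only('file'), ['file' => $rules])->validate();

    // 'local' is private by default in Laravel's filesystems config.
    $path = $request->file('file')->store('uploads', 'local');
    return ['path' => $path];
}
```

The hardened handler is also what the workaround in the recommendations achieves on its own for existing versions: keeping the upload disk private removes the path from arbitrary upload to code execution, while the server-side rule set is what the patched release adds.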