Unisharp · Unisharp/Laravel-Filemanager · CVE-2022-40734
**Name of the Vulnerable Software and Affected Versions**
UniSharp laravel-filemanager (aka Laravel Filemanager) versions prior to 2.6.4
league/flysystem versions prior to 2.0.0
**Description**
The `download` endpoint takes a `working_dir` query parameter and uses it to build the path of the file to serve without confining the result to the storage root. A request such as `download?working_dir=%2F..` (decoded: `/..`) therefore traverses out of the managed directory and lets the caller read arbitrary files from the server. This was exploited in the wild in June 2022. The problem is related to the use of league/flysystem before version 2.0.0.
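To make the traversal and its fix concrete, the following is an added model of the path handling, written for this page and not laravel-filemanager's own PHP. The storage root, the `file` parameter and the `naive_join`/`resolve_safely` names are assumptions for the demonstration; `unquote` stands in for the query-string decoding the framework performs. The vulnerable function splices the decoded `working_dir` into the path; the hardened one normalizes the result and rejects it unless it still lies under the root.

```python
"""Model of the working_dir traversal and a containment check (added example)."""
from posixpath import normpath
from urllib.parse import unquote

# Assumed storage root for the demo (hypothetical path, not the project's).
STORAGE_ROOT = "/var/www/storage/app/public"


def naive_join(root: str, working_dir: str, filename: str) -> str:
    """Vulnerable pattern: decode the parameter and splice it into the path.

    Nothing checks that the normalized result is still under `root`, so a
    working_dir of %2F.. (decoded "/..") walks out of the storage tree.
    """
    return normpath(f"{root}/{unquote(working_dir)}/{filename}")


def resolve_safely(root: str, working_dir: str, filename: str) -> str:
    """Hardened form: normalize first, then require the result to stay in root."""
    root = normpath(root)
    candidate = normpath(f"{root}/{unquote(working_dir)}/{filename}")
    if "\x00" in candidate:
        raise ValueError("NUL byte in path")
    # Compare on a directory boundary so "/rootX" is not accepted as "/root".
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError(f"working_dir escapes storage root: {candidate}")
    return candidate


if __name__ == "__main__":
    # Constructed request mimicking the exploited query string (file name assumed).
    wd, fn = "%2F..", "../../../../etc/passwd"
    print("vulnerable ->", naive_join(STORAGE_ROOT, wd, fn))
    try:
        resolve_safely(STORAGE_ROOT, wd, fn)
    except ValueError as err:
        print("hardened   ->", err)
```

Lexical normalization is enough to show the bug, but on a real filesystem the check should resolve symlinks as well (for example with `realpath` on the existing parent directory) before comparing against the root, since a symlink inside the storage tree can point outside it.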
**Recommendations**
For UniSharp laravel-filemanager (aka Laravel Filemanager) versions prior to 2.6.4, update to version 2.6.4 or later, which requires the installation of league/flysystem version 2.0.0 or later.
For league/flysystem versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue.
As a temporary workaround, restrict access to the `download` endpoint (the route that accepts the `working_dir` parameter) to trusted, authenticated users, and reject any request whose `working_dir` value contains `..` or otherwise resolves outside the storage root, to minimize the risk of exploitation until the upgrade is applied.