Unknown · Unisharp/Laravel-Filemanager · CVE-2024-21546
**Name of the Vulnerable Software and Affected Versions**
unisharp/laravel-filemanager versions prior to 2.9.1
**Description**
The issue allows for Remote Code Execution (RCE) through the use of a valid mimetype and inserting the . character after the php file extension, enabling an attacker to execute malicious code.
**Recommendations**
For versions prior to 2.9.1, update to version 2.9.1 to resolve the issue. As a temporary workaround, consider restricting the use of valid mimetypes and the insertion of the . character after the php file extension to minimize the risk of exploitation.