PT-2024-18957 · Unknown · Unisharp/Laravel-Filemanager
Võ Thành Nam
·
Published
2024-12-18
·
Updated
2025-09-06
·
CVE-2024-21546
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
unisharp/laravel-filemanager versions prior to 2.9.1
Description
The issue allows for Remote Code Execution (RCE) through the use of a valid mimetype and inserting the . character after the php file extension, enabling an attacker to execute malicious code.
Recommendations
For versions prior to 2.9.1, update to version 2.9.1 to resolve the issue. As a temporary workaround, consider restricting the use of valid mimetypes and the insertion of the . character after the php file extension to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unisharp/Laravel-Filemanager