Vulnerability Details : CVE-2021-23814
This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).
Vulnerability category: Execute code
Products affected by CVE-2021-23814
- cpe:2.3:a:unisharp:laravel-filemanager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-23814
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-23814
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L |
1.2
|
5.5
|
Snyk |
CWE ids for CVE-2021-23814
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-23814
-
https://github.com/UniSharp/laravel-filemanager/issues/1113#issuecomment-1812092975
CVE-2021-23814 Unrestricted Upload of File with Dangerous Type · Issue #1113 · UniSharp/laravel-filemanager · GitHub
-
https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26
Page not found · GitHub · GitHubBroken Link;Third Party Advisory
-
https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199
Arbitrary File Upload in unisharp/laravel-filemanager | SnykThird Party Advisory
Jump to