THREATINT
PUBLISHED

CVE-2024-21546



Description

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE): an upload that uses a valid mimetype and has the . character inserted after the php file extension is accepted. This allows the attacker to execute malicious code.

Reserved 2023-12-22 | Published 2024-12-18 | Updated 2024-12-18 | Assigner snyk


CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

Problem types

Remote Code Execution (RCE)

Credits

Võ Thành Nam

References

security.snyk.io/...K-PHP-UNISHARPLARAVELFILEMANAGER-7210316

gist.github.com/ImHades101/338a06816ef97262ba632af9c78b78ca

github.com/...ommit/8170760c0ae316d77b9363cd4c76ab68d3f63f0b

cve.org (CVE-2024-21546)

nvd.nist.gov (CVE-2024-21546)
