Remote Code Execution Vulnerability in Laravel File Manager
CVE-2024-21546
Key Information:
- Vendor
UniSharp
- Vendor
- CVE Published:
- 18 December 2024
Badges
What is CVE-2024-21546?
The vulnerability identified as CVE-2024-21546 affects versions of UniSharp's Laravel File Manager prior to 2.9.1, allowing for Remote Code Execution (RCE). This security flaw arises when a valid mimetype is utilized in conjunction with an improperly secured file extension handling that permits the insertion of a '.' character after the '.php' file extension. As a result, an attacker can execute arbitrary code on the server, posing a severe risk to applications utilizing this package. It is imperative for users to upgrade to version 2.9.1 or later to mitigate this vulnerability and ensure the security of their web applications.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
unisharp/laravel-filemanager 0 < 2.9.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.