Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malic
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. T
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extensio
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP cod
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modu
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectO
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.
This project is
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files w
plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling.
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for au
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts,
Page 1+ Next →