CVE-2019-25673: Arbitrary File Access in UniSharp 2.0.0
Platform
laravel
Component
unisharp/laravel-filemanager
Fixed in
2.0.1
CVE-2019-25673 is an arbitrary file access vulnerability discovered in UniSharp Laravel File Manager versions 2.0.0 through 2.0.0-alpha7. An authenticated attacker can exploit this flaw by uploading malicious files, potentially enabling remote code execution. This vulnerability affects installations of UniSharp Laravel File Manager 2.0.0 and earlier versions. A patch is available in version 2.0.1.
How to fix
Actualice a la versión 2.0.1 o superior para mitigar la vulnerabilidad de carga arbitraria de archivos. Esta actualización corrige la validación de tipos de archivos, previniendo la ejecución de código malicioso.
Frequently asked questions
What is CVE-2019-25673?
CVE-2019-25673 is an arbitrary file access vulnerability in UniSharp Laravel File Manager that allows authenticated users to upload malicious files and potentially execute code on the server.
Am I affected by CVE-2019-25673?
You are affected if you are using UniSharp Laravel File Manager versions 2.0.0 through 2.0.0-alpha7. Versions prior to 2.0.0 are also vulnerable.
How do I fix CVE-2019-25673?
Upgrade to UniSharp Laravel File Manager version 2.0.1 or later to resolve this vulnerability. This version includes a fix for the arbitrary file upload issue.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free