cve/CVE-2022-40734.md at 8d17e0c8f8dcf0cf9abdcefadf7dbc6d73d1b980

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 8d17e0c8f8 Update CVE sources 2024-08-24 17:55

2024-08-24 17:55:21 +00:00

Description

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.

POC

Reference

https://github.com/UniSharp/laravel-filemanager/issues/1150
https://github.com/UniSharp/laravel-filemanager/issues/1150#issuecomment-1320186966
https://github.com/UniSharp/laravel-filemanager/issues/1150#issuecomment-1825310417

Github

https://github.com/0day404/vulnerability-poc
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/Henry4E36/POCS
https://github.com/KayCHENvip/vulnerability-poc
https://github.com/Miraitowa70/POC-Notes
https://github.com/Threekiii/Awesome-POC
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/qiuluo-oss/Tiger

1.2 KiB Raw Blame History

CVE-2022-40734

Description

POC

Reference

Github

1.2 KiB

Raw Blame History