The vulnerability stems from the use of league/flysystem < 2.0.0, which lacked proper path traversal detection. The primary fix was to require flysystem ^2.0, which added path normalization safeguards. The Filemanager's download functionality, which handles the 'working_dir' parameter, is the entry point, but the vulnerable path resolution logic resides in flysystem's internal path handling, not directly in the Filemanager's code. No specific function in the Filemanager package itself is explicitly shown to contain vulnerable code: the weakness was in the dependency's path resolution capabilities rather than in a specific unsafe function implementation in the Filemanager.
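The kind of path normalization safeguard described above, sketched as an added example; this is not code from league/flysystem or laravel-filemanager. The helper name `normalizeRelativePath()` and the sample `working_dir` values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from league/flysystem or laravel-filemanager.
// normalizeRelativePath() is a hypothetical helper that resolves "." and ".."
// segments and refuses any path that would climb above the storage root.
function normalizeRelativePath(string $path): string
{
    // Reject NUL and other control bytes that can truncate or confuse paths.
    if (preg_match('/[\x00-\x1F\x7F]/', $path) === 1) {
        throw new InvalidArgumentException('Control character in path');
    }

    $parts = [];
    // Treat backslashes as separators so "..\.." is handled like "../..".
    foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue; // empty and current-directory segments are no-ops
        }
        if ($segment === '..') {
            if ($parts === []) {
                // Nothing left to pop: the path would escape the root.
                throw new InvalidArgumentException('Path traversal detected: ' . $path);
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return implode('/', $parts);
}

// Constructed sample values for a request parameter such as working_dir.
$samples = ['/shares/photos', 'shares/./a/../b', '../../etc', 'shares/../../.env', 'a\\..\\..\\b'];
foreach ($samples as $candidate) {
    try {
        printf("%-22s => %s\n", $candidate, normalizeRelativePath($candidate));
    } catch (InvalidArgumentException $e) {
        printf("%-22s => rejected (%s)\n", $candidate, $e->getMessage());
    }
}
```

The first two samples normalize to `shares/photos` and `shares/b`; the remaining three are rejected because a `..` segment would climb above the root.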
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| unisharp/laravel-filemanager | composer | < 2.6.4 | 2.6.4 |