The vulnerability stemmed from two key gaps:

1. The explicit extension blocklist check (`extensionIsNotExcutable`) didn't account for special-character suffixes that could alter server interpretation.
2. No validation existed to reject extensions containing non-alphanumeric characters.

The patch added both the `InvalidExtensionException` and a regex check in `extensionIsValid()`, confirming these were missing safeguards in vulnerable versions.
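The two gaps can be seen side by side in the following added example, which is not the project's code or its patch. The function names, the blocklist contents, the regex and the sample filenames are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical blocklist for this example; not the project's configured list.
const BLOCKED_EXTENSIONS = ['php', 'phtml', 'phar', 'html'];

/** Extension as PHP reports it: everything after the last dot, lower-cased. */
function rawExtension(string $filename): string
{
    return strtolower((string) pathinfo($filename, PATHINFO_EXTENSION));
}

/** Blocklist only: an exact string match, so "php " or "" is not "php". */
function passesBlocklistOnly(string $filename): bool
{
    return !in_array(rawExtension($filename), BLOCKED_EXTENSIONS, true);
}

/** Blocklist plus a character-class check on the extension itself. */
function passesHardened(string $filename): bool
{
    $ext = rawExtension($filename);
    // Require one or more of [a-z0-9]. \z is used instead of $ because $
    // would still match before a trailing newline. An empty extension
    // (no dot, or a trailing dot) is rejected as well.
    if (preg_match('/\A[a-z0-9]+\z/', $ext) !== 1) {
        return false;
    }
    return !in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Constructed sample names, not taken from the advisory.
$samples = ['photo.jpg', 'notes.txt', 'page.php', 'page.php.', 'page.php ', "page.php\n"];

foreach ($samples as $name) {
    printf(
        "%-14s blocklist-only=%-6s hardened=%s\n",
        json_encode($name),
        passesBlocklistOnly($name) ? 'accept' : 'reject',
        passesHardened($name) ? 'accept' : 'reject'
    );
}
```

Only the hardened check rejects the last three names: their extracted extensions (`""`, `"php "`, `"php\n"`) are not literal blocklist entries, so an exact-match blocklist lets them through.
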
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| unisharp/laravel-filemanager | composer | < 2.9.1 | 2.9.1 |