| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| alexusmai/laravel-file-manager | composer | <= 3.3.1 | |
The vulnerability exists in the zip creation functionality of the laravel-file-manager package. The root cause is a lack of input validation on the file and directory paths provided by the user when creating a zip archive. The Alexusmai\LaravelFileManager\Services\Zip::createArchive and Alexusmai\LaravelFileManager\Services\Zip::addDirs methods use the user-provided paths directly to build file system paths for inclusion in the archive. Specifically, the prefixer helper function concatenates a base storage path with the user-supplied path without sanitizing it for directory traversal sequences (e.g., ../), so the resulting path is never checked to lie inside the intended base directory.

An authenticated attacker with access to the file manager can craft a request to the zip functionality that includes paths with directory traversal sequences. This allows the attacker to include files and directories from outside the web root or the designated storage folder in the created zip archive. For example, an attacker could include sensitive files such as .env, which often contains database credentials and application keys, or system files such as /etc/passwd. The vulnerable functions are createArchive and addDirs in src/Services/Zip.php, both called by the create method in the same class. These functions would appear in a runtime profile during exploitation.
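To make the root cause concrete, the following PHP snippet is an added illustration, not code from the laravel-file-manager package: it places a prefix-by-concatenation helper (the pattern the advisory describes) next to a hardened version that canonicalises with realpath() and enforces that the resolved target stays inside the base directory. The function names prefixerUnsafe and prefixerSafe, the temporary directory layout and the sample files are all constructed for the demonstration.

```php
<?php
// Added illustration (not the package's own code). Assumes a storage base
// directory $base and a user-supplied relative path $userPath, mirroring the
// "base path . user path" concatenation the advisory describes.

declare(strict_types=1);

// Weak pattern: plain concatenation with no canonicalisation. Traversal
// segments in $userPath are kept verbatim, so the result can leave $base.
function prefixerUnsafe(string $base, string $userPath): string
{
    return rtrim($base, '/') . '/' . ltrim($userPath, '/');
}

// Hardened pattern: resolve both the base and the candidate with realpath()
// (which collapses "." / ".." and follows symlinks), then require the resolved
// target to be the base itself or a descendant of it. Returns null on rejection.
function prefixerSafe(string $base, string $userPath): ?string
{
    $realBase = realpath($base);
    if ($realBase === false) {
        return null; // base directory missing: refuse rather than guess
    }
    $candidate = $realBase . DIRECTORY_SEPARATOR . ltrim($userPath, '/');
    $realTarget = realpath($candidate);
    if ($realTarget === false) {
        return null; // nonexistent path (or dangling symlink): nothing to archive
    }
    // Containment check: equal to base, or prefixed by base plus a separator.
    // The separator matters so that /srv/storage2 is not accepted for /srv/storage.
    $prefix = $realBase . DIRECTORY_SEPARATOR;
    if ($realTarget !== $realBase && strncmp($realTarget, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $realTarget;
}

// Self-contained demo on a constructed temp directory (sample data only).
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfm-demo-' . bin2hex(random_bytes(4));
mkdir($tmp . '/storage/docs', 0700, true);
file_put_contents($tmp . '/storage/docs/report.txt', "inside the storage root\n");
file_put_contents($tmp . '/secret.txt', "outside the storage root\n");

$base = $tmp . '/storage';
$samples = ['docs/report.txt', '../secret.txt', 'docs/../../secret.txt', 'missing.txt'];
foreach ($samples as $p) {
    $unsafe = prefixerUnsafe($base, $p);
    printf(
        "%-24s unsafe -> %s | safe -> %s\n",
        $p,
        file_exists($unsafe) ? 'resolves (' . $unsafe . ')' : 'not found',
        prefixerSafe($base, $p) ?? 'REJECTED'
    );
}
```

Run with `php demo.php`; the two traversal samples resolve to the file outside the storage root through prefixerUnsafe but are rejected by prefixerSafe, and the in-root file is accepted by both. The realpath()-based check only works for paths that exist, which is acceptable for archive creation (a nonexistent entry has nothing to add), but a listing or upload endpoint that must validate not-yet-existing names would need a lexical normalisation step in addition to this containment check.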
- Alexusmai\LaravelFileManager\Services\Zip::createArchive (src/Services/Zip.php)
- Alexusmai\LaravelFileManager\Services\Zip::addDirs (src/Services/Zip.php)