UniSharp Laravel File Manager Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in UniSharp Laravel File Manager versions 2.0.0-alpha7 and 2.0. This issue allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. The vulnerability arises because the application does not properly validate file types, enabling the upload of PHP files when the type parameter is set to 'Files'. Exploitation of this vulnerability could lead to the execution of arbitrary code by accessing the uploaded file through the working directory path.

Impact

Successful exploitation of this vulnerability allows for arbitrary file upload, which can be leveraged to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, upload a PHP file through the file manager's upload feature, ensuring that the type parameter is set to 'Files'. After the file is uploaded, it can be accessed via the working directory path, where the PHP code will be executed.

Remediation

Users are advised to update to UniSharp Laravel File Manager version 2.2.0 or later, where this vulnerability has been fixed.
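For installations that ran an affected version, the sketch below shows one way to check whether script files have already landed in the upload directory. It is an added example, not code from the advisory or from the package; the directory layout, the extension list and the sample files are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed list of extensions a PHP handler may execute; align it with your web server config.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".phar", ".pht", ".php3", ".php4", ".php5", ".php7"}
PHP_MARKERS = (b"<?php", b"<?=")

def classify(path):
    """Return the reasons a stored upload looks executable (empty list if none)."""
    reasons = []
    # Inspect every suffix, case-insensitively, so 'x.PHP' and 'x.php.jpg' are both caught.
    hit = {s.lower() for s in Path(path).suffixes} & SCRIPT_EXTENSIONS
    if hit:
        reasons.append("script extension " + ",".join(sorted(hit)))
    with open(path, "rb") as fh:
        head = fh.read(65536).lower()  # first 64 KiB is enough for an open tag
    if any(marker in head for marker in PHP_MARKERS):
        reasons.append("PHP open tag in content")
    return reasons

def scan_upload_root(root):
    """Walk the upload directory and map relative path -> list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            reasons = classify(path)
            if reasons:
                findings[str(path.relative_to(root))] = reasons
    return findings

def build_sample_tree():
    """Constructed sample upload directory (hypothetical layout, harmless contents)."""
    root = Path(tempfile.mkdtemp(prefix="upload_audit_"))
    base = root / "files" / "1"
    base.mkdir(parents=True)
    (base / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (base / "notes.PHP").write_bytes(b"<?php echo 'constructed'; ?>")
    (base / "avatar.php.jpg").write_bytes(b"\xff\xd8\xff constructed")
    (base / "logo.gif").write_bytes(b"GIF89a<?php /* constructed */ ?>")
    return str(root)

if __name__ == "__main__":
    for rel, why in sorted(scan_upload_root(build_sample_tree()).items()):
        print(rel, "->", "; ".join(why))
```

Point `scan_upload_root` at the real upload directory; any hit warrants a review of the web server access logs for requests to that path.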

Added: Apr 5, 2026, 9:37 PM
Updated: Apr 5, 2026, 9:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 5.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.