Laravel File Manager Directory Traversal Vulnerability Allowing Arbitrary File Write

Vulnerability

A directory traversal vulnerability of the Zip Slip type has been identified in Laravel File Manager versions 3.3.1 and below. The issue arises in the unzip functionality: the extraction path for each archive entry is built from the entry name without sufficient validation, so a crafted ZIP archive whose entry names contain traversal sequences is extracted to arbitrary locations on the filesystem. This can be exploited to overwrite existing files, drop executable payloads, or alter application behavior, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows arbitrary file writes to any location writable by the account the application runs as, typically the web server user. This could result in overwriting critical application files, including routes and configuration, and could be leveraged to execute malicious code by placing executable files (for example PHP scripts) in the webroot.

Reproduction

To reproduce this vulnerability, upload a ZIP archive whose entry names contain directory traversal sequences, such as '../../', to the application's unzip endpoint. During extraction each entry is written to the path formed from its name without checking that the resolved destination stays inside the intended extraction directory, so the entry lands wherever the traversal sequence points, allowing existing files to be overwritten or application behavior to be modified.

Remediation

Users are advised to update to Laravel File Manager version 3.3.2 or later, where this vulnerability has been addressed. As a general defensive measure, any code that extracts user-supplied archives should canonicalize the destination path of every entry and refuse entries that resolve outside the extraction directory, rather than relying on the archive contents being well-formed.
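The following is an added example that is not code from Laravel File Manager (which is written in PHP); it illustrates the reproduction and remediation steps above in a language-neutral way. It builds a constructed archive containing an entry named ../../evil.php, runs it through a naive extractor that trusts entry names (the vulnerable pattern), and then through an extractor that canonicalizes each destination and rejects anything escaping the target directory. The directory layout, entry names and file contents are all constructed for the example.

```python
"""Zip Slip demonstration: a crafted archive versus a path-validated extractor.

Added example, not code from laravel-filemanager. All paths and names are
constructed for illustration.
"""
from __future__ import annotations

import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Return ZIP bytes with one benign entry and one entry whose name
    climbs out of the extraction directory (constructed payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless\n")
        # Entry names are attacker-controlled strings; "../" is stored as-is.
        zf.writestr("../../evil.php", "<?php system($_GET['c']); ?>\n")
    return buf.getvalue()


def naive_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Extractor that trusts entry names (the vulnerable behaviour):
    writes each entry to dest joined with its name, exactly as supplied."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extractor that resolves each entry path and refuses anything that does
    not stay inside dest. Returns (written, rejected)."""
    written, rejected = [], []
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Absolute names and drive letters can never be inside dest.
            if os.path.isabs(name) or os.path.splitdrive(name)[0]:
                rejected.append(name)
                continue
            target = os.path.realpath(os.path.join(root, name))
            # The canonical target must be root itself or a descendant of it.
            if os.path.commonpath([root, target]) != root:
                rejected.append(name)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors in a scratch tree and report where files landed."""
    payload = build_malicious_zip()
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        # Layout: base/app/storage/uploads is the extraction directory, so
        # "../../evil.php" resolves to base/app/evil.php (outside uploads).
        uploads = os.path.join(base, "app", "storage", "uploads")
        os.makedirs(uploads)
        naive_paths = naive_extract(payload, uploads)
        escaped = [p for p in naive_paths
                   if os.path.commonpath([uploads, p]) != uploads]
        safe_paths, rejected = safe_extract(payload, uploads)
        return {
            "naive_escaped": [os.path.relpath(p, base) for p in escaped],
            "safe_written": [os.path.relpath(p, uploads) for p in safe_paths],
            "safe_rejected": rejected,
        }


if __name__ == "__main__":
    print(demo())
```

Running the block shows the naive extractor writing app/evil.php two levels above the upload directory, while the validated extractor writes only readme.txt and reports ../../evil.php as rejected. The check compares canonical paths (realpath) rather than scanning for the literal string "../", so encoded or mixed-separator variants that still resolve outside the root are caught too; a PHP extractor using ZipArchive would apply the same realpath-plus-prefix check per entry.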

Added: Dec 4, 2025, 3:17 PM
Updated: Dec 4, 2025, 6:08 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.6
remediation: 0.0
relevance: 1.3
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.