CVE-2024-21546
- Source
- https://cve.org/CVERecord?id=CVE-2024-21546
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21546.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-21546
- Aliases
- Published
- 2024-12-18T06:15:22.850Z
- Modified
- 2026-04-10T05:08:57.054610Z
- Severity
-
- 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.
- References
Affected packages
Git / github.com/UniSharp/laravel-filemanager
Affected ranges
- Type
- GIT
- Repo
- https://github.com/UniSharp/laravel-filemanager
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.9.1" } ] }
- Type
- GIT
- Repo
- https://github.com/unisharp/laravel-filemanager
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.2.0
0.3.0
0.3.1
0.5.0
0.5.1
0.5.2
0.5.3
1.*
1.0.0
1.1.0
1.1.0-alpha
1.1.1
1.2.0
1.3.0-alpha
1.4.0-alpha
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.6.3
v1.*
v1.7-alpha
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.9.0
v2.*
v2.0.0
v2.0.0-alpha
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-alpha4
v2.0.0-alpha5
v2.0.0-alpha6
v2.0.0-alpha7
v2.0.0-alpha8
v2.0.1
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.4.1
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.7.0
v2.7.1
v2.8.0
v2.9.0