CVE-2024-52306

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-52306

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52306.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52306

Aliases

GHSA-8237-957h-h2c2

Published

2024-11-13T15:15:38.301Z

Modified

2026-04-02T12:21:53.442032Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

FileManager Deserialization of Untrusted Data

Details

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.

Database specific

{
    "cwe_ids": [
        "CWE-502"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52306.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/laravel-backpack/filemanager

Affected ranges

Type: GIT
Repo: https://github.com/laravel-backpack/filemanager
Events: Introduced

9cd439c472401ced20af9159a35a8039d960c546

Fixed

2830498b85e05fb3c92179053b4d7c4a0fdb880b

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52306.json"