CVE-2026-49972

Source
https://cve.org/CVERecord?id=CVE-2026-49972
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-49972.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-49972
Published
2026-07-13T18:16:02.131Z
Modified
2026-07-17T03:47:13.651251104Z
Severity
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Laravel-Mediable < 7.0.0 File Upload RCE via Extension Bypass
Details

Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The PATHINFO_FILENAME extraction preserves the inner .php extension in the base name, and on misconfigured Apache or nginx servers that execute any filename containing .php as PHP, the stored file is interpreted as executable code while all MIME type, extension, and aggregate type validation checks pass due to the outer .jpg extension.

Database specific
{
    "cwe_ids": [
        "CWE-434"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49972.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/plank/laravel-mediable

Affected ranges

Type
GIT
Repo
https://github.com/plank/laravel-mediable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.0.0"
        }
    ],
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.2.0
0.3.0
1.*
1.0.0
1.0.1
2.*
2.0.0
2.1.0
2.2.3
2.3.0
2.4.0
2.4.1
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.5.0
2.6.0
2.6.1
2.6.2
2.7.0
2.7.1
2.7.2
2.7.3
2.8.0
2.8.1
2.8.2
2.9.0
3.*
3.0.0
3.0.1
4.*
4.0.0
4.0.1
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.4.2
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.1.0
5.1.1
5.2.0
5.2.1
5.3.1
5.4.0
5.4.1
5.5.0
5.6.0
5.7.0
5.8.0
5.9.0
5.9.1
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.1.0
6.1.1
6.1.2
6.1.3
6.2.0
6.2.1
6.3.0
6.3.1
6.4.0
6.5.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-49972.json"