CVE-2019-25673
Arbitrary File Upload in UniSharp Laravel File Manager Enables RCE
Publication date: 2026-04-05
Last updated on: 2026-04-05
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unisharp | laravel_file_manager | 2.0.0_alpha7 |
| unisharp | laravel_file_manager | 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
UniSharp Laravel File Manager versions 2.0.0-alpha7 and 2.0 contain an arbitrary file upload vulnerability. Authenticated attackers can upload malicious files by sending multipart form data to the upload endpoint. Specifically, setting the type parameter to Files lets them upload PHP files, and accessing the uploaded file through the working directory path then executes arbitrary code.
How can this vulnerability impact me?
The impact is severe because authenticated attackers can upload and execute malicious PHP code on the server. This can lead to unauthorized code execution, potentially compromising the entire system, stealing sensitive data, modifying or deleting files, or using the server as a foothold for further attacks.
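
A defender's check for the condition described above, added here as an example (not code from UniSharp or from this page): it walks a file manager storage directory and flags files that a PHP-enabled web server could execute. The extension list, the directory layout and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions a PHP-enabled web server may hand to the interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}

def classify(path):
    """Return a reason string if the file could run as PHP, else None."""
    parts = os.path.basename(path).lower().split(".")[1:]
    if parts and parts[-1] in EXECUTABLE_EXTS:
        return "executable extension"
    # name.php.png: some handler configurations match any extension in the name
    if any(p in EXECUTABLE_EXTS for p in parts[:-1]):
        return "executable extension before final extension"
    with open(path, "rb") as fh:
        if b"<?php" in fh.read(65536):
            return "PHP open tag in content"
    return None

def audit_upload_tree(root):
    """Walk the storage tree; map relative path -> reason for each suspect file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = reason
    return findings

def build_sample_tree():
    """Constructed sample data: a fake storage tree in a temp directory."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "files", "1"))
    samples = {
        "files/1/report.pdf": b"%PDF-1.4 constructed sample",
        "files/1/notes.PHP": b"<?php echo 'constructed'; ?>",
        "files/1/logo.php.png": b"\x89PNG constructed",
        "files/1/avatar.jpg": b"\xff\xd8\xff <?php /* constructed */ ?>",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, why in sorted(audit_upload_tree(build_sample_tree()).items()):
        print(f"{rel}: {why}")
```

Point `audit_upload_tree` at the directory your deployment actually serves uploads from; a finding is a file to review, not proof of compromise.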