216.73.217.64

CVE-2019-25673

· Published 05/04/2026 21:16 · Modified 05/04/2026 21:16

Labels: CVE-2019-25673 2026-04-05CVE-2019-25673CWE-434[email protected]

Essential information

Published
05/04/2026 21:16
Modified
05/04/2026 21:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
uniSharp / laravel file manager cpe:2.3:a:uniSharp:laravel_file_manager:2.0.0-alpha7:*:*:*:*:*:*:*
uniSharp / laravel file manager cpe:2.3:a:uniSharp:laravel_file_manager:2.0:*:*:*:*:*:*:*

References