Laravel-filemanager: File download attack

Created on 21 May 2020  路  3Comments  路  Source: UniSharp/laravel-filemanager

This file manager is good, but it has a dangerous bug: you can easily attack the server by dowloading files.

Ex: /laravel-filemanager/download?working_dir=%2F&type=&file=../../../../.env

security

Most helpful comment

All 3 comments

Wow! I've tested, it is really big fail...
Good job @sanvu88

Fixed in v2.2.0, thanks for reporting this.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

maorkavod picture maorkavod  路  5Comments

t67132 picture t67132  路  3Comments

phamtien9819 picture phamtien9819  路  5Comments

midulkhan picture midulkhan  路  5Comments

anasmorahhib picture anasmorahhib  路  5Comments