Hackers have been able to upload malicious files via our Laravel application. After analysis we identified that there is a vulnerability in the Laravel filemanager. Patches found did not resolve the problem.
Here is a video describing the exploit. https://www.youtube.com/watch?v=hGMuUjOmnU8
Does anybody know of a fix for this security issue?
Thanks.
I'm thinking you already saw https://unisharp.github.io/laravel-filemanager/security
They don't have a specific way to report security vulnerabilities, so if this is still an issue, try opening an issue on their repo to ask which email address you can report the vulnerability to. It's always better to discuss these things in private with the maintainers instead of disclosing them publicly: https://github.com/UniSharp/laravel-filemanager