CVE-2022-40734 PoC — laravel-filemanager 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-40734.yaml

Associated Vulnerability

Title:laravel-filemanager 路径遍历漏洞 (CVE-2022-40734)
Description:laravel-filemanager是用于 Laravel 5 到 6 和 CKEditor / TinyMCE 的文件上传/编辑器。 laravel-filemanager 2.5.1之前的版本存在安全漏洞，该漏洞源于其允许通过特殊URL遍历目录实现读取任意文件。

Description

Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.

File Snapshot


 id: CVE-2022-40734

info:
  name: Laravel Filemanager v2.5.1 - Local File Inclusion
  author: arafat

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!