Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-40734 PoC — laravel-filemanager 路径遍历漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Laravel%20Filemanager%E6%8F%92%E4%BB%B6%20download%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2022-40734.md
Associated Vulnerability
Title:laravel-filemanager 路径遍历漏洞 (CVE-2022-40734)
Description:laravel-filemanager是用于 Laravel 5 到 6 和 CKEditor / TinyMCE 的文件上传/编辑器。 laravel-filemanager 2.5.1之前的版本存在安全漏洞,该漏洞源于其允许通过特殊URL遍历目录实现读取任意文件。
File Snapshot

 # Laravel Filemanager插件 download 任意文件读取漏洞 CVE-2022-40734

## 漏洞描述

Laravel Filemanager插件 download 接口

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.