Laravel File Manager Directory Traversal

CRITICAL (9.1)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.43% chance of exploitation (percentile: 62%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

The alexusmai laravel-file-manager is a PHP-based file management tool used in Laravel applications. This vulnerability allows an attacker to write files outside the intended extraction directory, to arbitrary locations on the filesystem, when the package extracts an archive, potentially leading to data tampering or lateral movement.
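As an added illustration of the bug class described above (this is not laravel-file-manager's own code or its fix), the following PHP routine extracts a zip while refusing any entry whose path would resolve outside the destination; the function name and the demo archive are constructed for this example, and it assumes PHP 8 with the zip extension.

```php
<?php
// Added example, not laravel-file-manager's own code: extract a zip while
// refusing every entry whose path would resolve outside the destination.
function safeExtract(string $zipPath, string $destDir): array
{
    $dest = realpath($destDir);
    $zip = new ZipArchive();
    if ($dest === false || $zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath or $destDir");
    }
    $result = ['written' => [], 'rejected' => []];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        // Lexical check: absolute paths, drive letters and '..' climbing above the root are traversal.
        $escapes = str_starts_with($name, '/') || preg_match('#^[A-Za-z]:#', $name) === 1;
        $clean = [];
        foreach (preg_split('#[\\\\/]+#', $name) as $part) {
            if ($part === '' || $part === '.') { continue; }
            if ($part !== '..') { $clean[] = $part; continue; }
            if ($clean === []) { $escapes = true; } else { array_pop($clean); }
        }
        if ($escapes || $clean === []) {
            $result['rejected'][] = $name;
            continue;
        }
        $target = $dest . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $clean);
        $isDir = str_ends_with($name, '/');
        $dir = $isDir ? $target : dirname($target);
        if (!is_dir($dir)) { mkdir($dir, 0750, true); }
        // Filesystem check: a pre-existing symlink under $dest pointing elsewhere fails realpath().
        $real = realpath($dir);
        if ($real !== $dest && !str_starts_with((string) $real, $dest . DIRECTORY_SEPARATOR)) {
            $result['rejected'][] = $name;
            continue;
        }
        if (!$isDir) { file_put_contents($target, $zip->getFromIndex($i)); }
        $result['written'][] = $target;
    }
    $zip->close();
    return $result;
}

// Constructed demo archive: one benign entry and one traversal entry.
$tmp = sys_get_temp_dir() . '/safe-extract-demo';
@mkdir($tmp . '/out', 0750, true);
$zip = new ZipArchive();
$zip->open($tmp . '/sample.zip', ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('docs/readme.txt', "hello\n");
$zip->addFromString('../../outside.txt', "must never be written\n");
$zip->close();
print_r(safeExtract($tmp . '/sample.zip', $tmp . '/out'));
```

Rejected entry names are worth logging, since the threat intelligence above notes that no open-source detection exists for this issue.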

Am I affected?

Affected versions: 3.3.1

If you don't recognise this software, you're probably not affected.

How to fix

Concrete steps to fix this vulnerability:

  1. Upgrade to alexusmai laravel-file-manager version 3.4.0 or later: you can update via Composer by running composer require --update-dev alexusmai/laravel-file-manager.
  2. Immediate mitigations:
     - Restrict network access to your instance (firewall it from the public internet).
     - Audit file system activity for suspicious patterns.
     - Monitor for unauthorized zip archive creation.