CVE-2019-25673

HIGH 8.8

UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload

CVSS Score

8.8

EPSS Score

0.1%

EPSS Percentile

19th

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.

CWE	CWE-434
Vendor	unisharp
Product	laravel file manager
Published	Apr 5, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for unisharp laravel file manager

Be the first to know when new high vulnerabilities affecting unisharp laravel file manager are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

UniSharp / Laravel File Manager

2.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46389 github.com: https://github.com/UniSharp/laravel-filemanager github.com: https://github.com/UniSharp/laravel-filemanager/issues/356 vulncheck.com: https://www.vulncheck.com/advisories/unisharp-laravel-file-manager-alpha7-arbitrary-file-upload

Credits

Mohammad Danish