CVE-2019-25673

HIGH

UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25673. PoCs published by Mohammad Danish.

AI-analyzed exploit summary: This Python script exploits an arbitrary file upload vulnerability in UniSharp Laravel File Manager (CVE-2019-25673) by sending a crafted multipart HTTP POST request to upload a malicious PHP file. The exploit requires a valid Laravel session cookie and targets versions v2.0.0-alpha7 and v2.0.

Description

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.

Exploits (1)

exploitdb · WORKING POC
by Mohammad Danish · python · webapps · php
https://www.exploit-db.com/exploits/46389

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: UniSharp Laravel File Manager v2.0.0-alpha7 & v2.0
Auth required
Prerequisites: valid Laravel session cookie · access to the Laravel File Manager interface
devstral-2 · analyzed Apr 07, 2026

References (4)

Core References
Exploit: ExploitDB-46389
https://www.exploit-db.com/exploits/46389
Product: Official Product Homepage
https://github.com/UniSharp/laravel-filemanager
Product (issue-tracking): Source Code Repository
https://github.com/UniSharp/laravel-filemanager/issues/356
Third Party Advisory: VulnCheck Advisory: UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload
https://www.vulncheck.com/advisories/unisharp-laravel-file-manager-alpha7-arbitrary-file-upload

Scores

CVSS v3: 8.8
EPSS: 0.0041
EPSS Percentile: 32.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): UniSharp/Laravel File Manager 2.0.0
Published: Apr 05, 2026
Tracked Since: Apr 06, 2026