CVE-2024-52306

HIGH

FileManager <3.0.9 - Code Injection

Title source: llm

Description

FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.

Scores

CVSS v3 7.6
EPSS 0.0371
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (2)

backpackforlaravel/filemanager < 2.0.2
backpack/filemanager < 3.0.9 (Packagist)

Timeline

Published Nov 13, 2024
Tracked Since Feb 18, 2026