CVE-2019-25673

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.
Configurations

No configuration.

History

05 Apr 2026, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-05 21:16

Updated : 2026-06-17 02:32


NVD link : CVE-2019-25673

Mitre link : CVE-2019-25673

CVE.ORG link : CVE-2019-25673


JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type