CVE-2024-52306

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
GitHub_MCNA
7.7 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
backpackforlaravelfilemanager
𝑥
< 2.0.2
backpackforlaravelfilemanager
3.0.0 ≤
𝑥
< 3.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b
https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2