Cyber Resilience

CVE-2022-40734

Severity: Medium · Public PoC

Published: 14 September 2022
Modified: 21 November 2024
KEV Added: not listed
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9165 (99.7th percentile)
Risk Priority: 68 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-40734 is a medium-severity Path Traversal (CWE-22) vulnerability in Unisharp Laravel Filemanager. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

UniSharp laravel-filemanager before version 2.6.4 contains a directory traversal flaw that permits arbitrary file reads through the download endpoint when a working_dir parameter such as %2F.. (the URL-encoded form of /..) is supplied. The issue is also linked to league/flysystem releases prior to 2.0.0 and carries a CVSS 3.1 score of 6.5, reflecting a network attack vector, low complexity and a low-privilege requirement, with high confidentiality impact and no integrity or availability impact.

An authenticated attacker can send crafted requests to the affected file-manager component and retrieve sensitive files from the underlying filesystem without further user interaction. The vulnerability was observed being exploited in the wild as early as June 2022.

The referenced GitHub issues track the discovery and resolution, indicating that upgrading to laravel-filemanager 2.6.4 or later closes the traversal vector. The associated EPSS score remains elevated, with a current value of 0.9165 and a recorded peak of 0.9294.


Vulnerability details

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.

CWE(s): CWE-22 (Path Traversal)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: unisharp
Product: laravel filemanager
Versions: ≤ 2.5.1

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
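Worked illustration of that control, added here as an example and not taken from the laravel-filemanager code base (which is PHP): a download handler resolves the user-supplied working_dir and file name against a fixed storage root and refuses anything that normalizes to a location outside it. The storage root, the parameter names and the sample inputs are constructed for the example; the %2F.. case mirrors the vulnerability details above.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical storage root; in a real deployment this is the configured files base path.
STORAGE_ROOT = "/srv/app/storage/files"


def safe_download_path(working_dir: str, filename: str, root: str = STORAGE_ROOT) -> Optional[str]:
    """Return the normalized path of root/working_dir/filename, or None if it escapes root.

    working_dir mirrors the query parameter from the advisory. The framework normally
    percent-decodes it once, so "%2F.." arrives as "/.."; we decode defensively so
    both spellings are judged the same way.
    """
    wd = unquote(working_dir)
    name = unquote(filename)
    # NUL bytes and backslashes have no legitimate use here and can confuse later layers.
    if "\x00" in wd or "\x00" in name or "\\" in wd or "\\" in name:
        return None
    # The file name must be a single path component: no separators, not '.' or '..'.
    if name in ("", ".", "..") or "/" in name:
        return None
    # working_dir is always relative to the root, so a leading '/' gets no special meaning.
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, wd.lstrip("/"), name))
    # Lexical containment: the result must be the root itself or sit strictly below it.
    # The trailing "/" stops "/srv/app/storage/files2" from passing as a child of ".../files".
    # (If the root may contain symlinks, additionally compare os.path.realpath results.)
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate
```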

References