CVE-2022-40734
Published: 14 September 2022
Summary
CVE-2022-40734 is a medium-severity Path Traversal (CWE-22) vulnerability in Unisharp Laravel Filemanager. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
UniSharp laravel-filemanager before version 2.6.4 contains a directory traversal flaw that permits arbitrary file reads through the download endpoint when a working_dir parameter such as %2F.. is supplied. The issue is also linked to league/flysystem releases prior to 2.0.0 and carries a CVSS 3.1 score of 6.5, reflecting a network attack vector, low attack complexity and low privileges required, with high confidentiality impact.
An authenticated attacker can send crafted requests to the affected file-manager component and retrieve sensitive files from the underlying filesystem without further user interaction. The vulnerability was observed being exploited in the wild as early as June 2022.
The referenced GitHub issues track the discovery and resolution, indicating that upgrading to laravel-filemanager 2.6.4 or later closes the traversal vector. The associated EPSS score remains elevated, with a current value of 0.9165 and a recorded peak of 0.9294.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6710
Vulnerability details
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
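The control above, applied to the download request described in the analysis, as an added example that is not the project's own code: the user-supplied working_dir is URL-decoded once, normalised, and checked for containment inside an assumed storage root (STORAGE_ROOT is a placeholder constant); the reported %2F.. value is rejected while ordinary subdirectories resolve normally.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical storage root for the file manager; a real deployment would
# read this from configuration instead of a constant.
STORAGE_ROOT = "/var/www/storage/app/public"


def resolve_working_dir(raw_working_dir: str, root: str = STORAGE_ROOT) -> str:
    """Return the absolute directory for a user-supplied working_dir.

    Raises ValueError if the value would escape the storage root. The input
    is URL-decoded exactly once (the reported request hid the slash as %2F),
    '.' and '..' segments are collapsed, and containment is then checked on
    the normalised result, so no sequence of '..' can walk above root.
    """
    root = posixpath.normpath(root)
    decoded = unquote(raw_working_dir)
    # A '%' surviving one decode means double encoding; NUL bytes truncate
    # paths in some runtimes. Neither belongs in a directory name here.
    if "%" in decoded or "\x00" in decoded:
        raise ValueError("invalid characters in working_dir")
    # Treat the parameter as relative to root whether or not it starts with '/'.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("working_dir escapes storage root")
    return candidate


def resolve_download_path(raw_working_dir: str, raw_file: str,
                          root: str = STORAGE_ROOT) -> str:
    """Combine a validated working_dir with a single-component file name."""
    directory = resolve_working_dir(raw_working_dir, root)
    name = unquote(raw_file)
    if not name or name in (".", "..") or "/" in name or "\x00" in name:
        raise ValueError("invalid file name")
    return posixpath.join(directory, name)


def working_dir_is_safe(raw_working_dir: str, root: str = STORAGE_ROOT) -> bool:
    """Boolean wrapper around resolve_working_dir for quick checks."""
    try:
        resolve_working_dir(raw_working_dir, root)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the reported traversal value and benign ones.
    for value in ("%2F..", "..%2F..%2F..%2Fetc", "/uploads", "/a/../b"):
        print(f"{value!r:>22} -> {'allowed' if working_dir_is_safe(value) else 'rejected'}")
```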