CVE-2019-25673 HIGH

CVE-2019-25673: UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload

Vendor Unisharp

Product Laravel File Manager

Weakness CWE-434 · Unrestricted file upload

Published April 5, 2026

Last update April 6, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.

Key dates

Disclosure timeline

April 5, 2026 CVE published

April 6, 2026 Record updated