CVE-2024-52306 HIGH

CVE-2024-52306: FileManager Deserialization of Untrusted Data

Vendor Laravel-Backpack
Product FileManager
Weakness CWE-502 · Unsafe deserialization
Published November 13, 2024
Last update November 13, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.

Key dates

02Disclosure timeline

November 13, 2024 CVE published
November 13, 2024 Record updated

Related vulnerabilities

04Related CVE