Home
Description
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.
References
github.com/...asin/CVE-2025-65346/blob/main/POC-CVE-65346.md
github.com/alexusmai/laravel-file-manager
