Home

Description

Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination(). Attackers can exploit the permissive character-class regex that allows both dot and slash characters combined with an ineffective trailing trim() call to bypass sanitization and upload files to sensitive locations such as the document root, environment configuration files, or application configuration directories, enabling remote code execution.

PUBLISHED Reserved 2026-06-02 | Published 2026-07-13 | Updated 2026-07-14 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
affected

Any version before 7.0.0
affected

Credits

Xurshidbek Sobirjonov finder

VulnCheck coordinator

References

github.com/plank/laravel-mediable/releases/tag/7.0.0 (laravel-mediable 7.0.0 Release Notes) release-notes patch

github.com/...ommit/6d1e7fb39922fdfb3b2d120e13f4eb2e653ae082 (Patch Commit) patch

www.vulncheck.com/...le-path-traversal-via-file-sanitizepath third-party-advisory

cve.org (CVE-2026-49970)

nvd.nist.gov (CVE-2026-49970)

Download JSON