FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.
History

Tue, 19 Nov 2024 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Backpackforlaravel<br>Backpackforlaravel filemanager |
| CPEs | | cpe:2.3:a:backpackforlaravel:filemanager:*:*:*:*:*:*:*:* |
| Vendors & Products | | Backpackforlaravel<br>Backpackforlaravel filemanager |

Wed, 13 Nov 2024 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Laravel-backpack<br>Laravel-backpack file Manager |
| CPEs | | cpe:2.3:a:laravel-backpack:file_manager:*:*:*:*:*:*:*:* |
| Vendors & Products | | Laravel-backpack<br>Laravel-backpack file Manager |
| Metrics | | ssvc<br>{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 13 Nov 2024 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. |
| Title | | FileManager Deserialization of Untrusted Data |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1<br>{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-13T15:15:38.301Z

Updated: 2024-11-13T20:01:56.693Z

Reserved: 2024-11-06T19:00:26.397Z

Link: CVE-2024-52306

Vulnrichment

Updated: 2024-11-13T20:01:45.770Z

NVD

Status: Analyzed

Published: 2024-11-13T16:15:20.723

Modified: 2024-11-19T15:02:45.053

Link: CVE-2024-52306

Redhat

No data.