alexusmai/laravel-file-manager

alexusmai/laravel-file-manager

Releases56

Frequency1 month 3 weeks

Last Release 23 days ago

Stars1.19K

File manager for Laravel

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65346 ↗	Dec 4, 2025Thursday, 4 December 2025, 15:15	9.1 CRITICAL	—
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.
CVE-2025-65345 ↗	Dec 3, 2025Wednesday, 3 December 2025, 20:16	6.5 MEDIUM	—
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.
CVE-2025-63307 ↗	Nov 6, 2025Thursday, 6 November 2025, 16:16	8.1 HIGH	—
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.