Home / Vulnerability Intelligence / CVE-2019-25673

CVE-2019-25673 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 5, 2026

UniSharp Laravel File Manager - Unrestricted File Upload

Published: April 5, 2026Updated: April 5, 2026Remote Exploitable

Overview

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an unrestricted file upload vulnerability caused by insufficient validation of multipart form data in the upload endpoint, letting authenticated attackers upload and execute arbitrary PHP code.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Authenticated attackers can upload and execute arbitrary PHP code, potentially leading to full server compromise.

Mitigation

Update to the latest version of UniSharp Laravel File Manager.

References

https://github.com/UniSharp/laravel-filemanager
https://github.com/UniSharp/laravel-filemanager/issues/356
https://www.exploit-db.com/exploits/46389
https://www.vulncheck.com/advisories/unisharp-laravel-file-manager-alpha7-arbitrary-file-upload

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2019-25673
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: new

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H