CVE-2024-21546

CVSS 9.8 · Critical EPSS 4.39% · P89 Updated Aug 28, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-21546

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

对生成代码的控制不恰当(代码注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

laravel-filemanager 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

laravel-filemanager是UniSharp开源的一个工具。 laravel-filemanager 2.9.1之前版本存在安全漏洞，该漏洞源于容易受到远程代码执行攻击，允许攻击者执行恶意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	unisharp/laravel-filemanager	0 ~ 2.9.1	-

II. Public POCs for CVE-2024-21546

#	POC Description	Source Link	Shenlong Link
1	This Python exploit script targets a vulnerable Laravel Filemanager created by UniSharp, which allows authenticated users to bypass file restrictions and upload malicious files. This can lead to Remote Code Execution (RCE) when the uploaded payload is triggered.	https://github.com/ajdumanhug/CVE-2024-21546	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-21546

请登录查看更多情报信息。

Same Patch Batch · n/a · 2024-12-18 · 24 CVEs total

CVE-2024-21548	7.5 HIGH	Bun 安全漏洞
CVE-2024-21547	7.5 HIGH	Browsershot 安全漏洞
CVE-2024-53580		iperf 安全漏洞
CVE-2024-49202		Keyfactor Command 安全漏洞
CVE-2024-49201		Remote File Orchestrator Extension 安全漏洞
CVE-2024-56174		Optimizely Configured Commerce 安全漏洞
CVE-2024-56170		FORT Validator 安全漏洞
CVE-2024-56169		FORT Validator 安全漏洞
CVE-2024-56116		Amiro.CMS 安全漏洞
CVE-2024-56173		Optimizely Configured Commerce 安全漏洞
CVE-2024-56175		Optimizely Configured Commerce 安全漏洞
CVE-2024-56115		Amiro.CMS 安全漏洞
CVE-2024-55505		CodeAstro Complaint Management System 安全漏洞
CVE-2024-55492		Winmail Server 安全漏洞
CVE-2024-55506		CodeAstro Complaint Management System 安全漏洞
CVE-2024-55461		SeaCMS 安全漏洞
CVE-2024-55239		i-Educar 安全漏洞
CVE-2024-55086		GetSimple CMS 安全漏洞
CVE-2024-55231		PHPGurukul Online Notes Sharing Management System 安全漏洞
CVE-2024-55088		GetSimple CMS 安全漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: unisharp/laravel-filemanager

CVE-2021-23814
laravel-filemanager代码问题漏洞

Same vendor: n/a

Same weakness: CWE-94

V. Comments for CVE-2024-21546

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-21546

I. Basic Information for CVE-2024-21546

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-21546

III. Intelligence Information for CVE-2024-21546

Same Patch Batch · n/a · 2024-12-18 · 24 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-21546

Leave a comment