UniSharp Laravel File Manager Arbitrary File Upload Vulnerability Summary Vulnerability Overview An arbitrary file upload vulnerability exists in UniSharp Laravel File Manager version 2.0.0-alpha7. This vulnerability allows attackers to upload malicious files (such as PHP Webshells) under specific conditions (when the parameter is set to ), thereby gaining control of the server. Affected Scope Affected Software: UniSharp Laravel File Manager Affected Versions: 2.0.0-alpha7 (and earlier versions) Platform: PHP Vulnerability Type: Arbitrary File Upload Reported By: Mohammad Danish Disclosure Date: 2019-02-15 Remediation It is recommended to upgrade to the latest version where this vulnerability has been patched. Since the specific patched version is not provided in the screenshots, consult the official release notes or the GitHub repository for the latest security patches. POC/Exploit Code The following Python exploit code is provided in the screenshots: