What is CVE-2022-40734?

CVE-2022-40734 is a vulnerability in N/a. Published 2022-09-14.

Is CVE-2022-40734 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-40734

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.

EPSS: 0.916 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/vulnerability-poc
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Henry4E36/POCS
J1ezds/Vulnerability-Wiki-page
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes
Threekiii/Awesome-POC
XiaomingX/awesome-poc-for-red-team
d4n-sec/d4n-sec.github.io

References

github.com/UniSharp/laravel-filemanager/issues/1150
github.com/UniSharp/laravel-filemanager/issues/1150
github.com/UniSharp/laravel-filemanager/issues/1150

Frequently asked questions

What is CVE-2022-40734?: CVE-2022-40734 is a vulnerability in N/a. Published 2022-09-14.
Is CVE-2022-40734 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.