Vulnerability Database

309,364

Total vulnerabilities in the database

Possibility for Denial of Service by overwriting PHP files with language exports

Impact

Laravel Translation Manager didn't check the locale name, which allowed directory traversal when exporting files. The content would be a PHP file returning an array of translations, but this could lead to unexpected results, like denial of service. Access to the Laravel Translation Manager is required, because a new locale would have to be added and published.

Patches

Version 0.6.2 fixes this issue.

Workarounds

Only allow trusted admins to publish/edit translations.

References

https://github.com/barryvdh/laravel-translation-manager/pull/417

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/barryvdh/laravel-translation-manager
Email me (see Github profile)

Credits

Found and reported by Natalia Trojanowska

Published: Mar 18, 2022
Updated: Apr 14, 2023
GHSA: GHSA-3fvf-2gp4-89wq
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
barryvdh / laravel-translation-manager	-	0.6.2

https://github.com/barryvdh/laravel-translation-manager/security/advisories/GHSA-3fvf-2gp4-89wq

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime