intervention/image is an image handling and manipulation library. This package is vulnerable to a Directory Traversal attack.
uploads
-> first-folder
--> image-1.jpg
-> second-folder
--> image-2.jpg
<?php
require 'vendor/autoload.php';

// filename containing a "../" sequence; appended to 'uploads/1/' it resolves to uploads/2/image-2.jpg
$imageFilename = '../2/image-2.jpg';

// import the Intervention Image Manager Class
use Intervention\Image\ImageManagerStatic as Image;

// open an image file
$img = Image::make('uploads/1/'.$imageFilename);

// now you are able to resize the instance
$img->resize(320, 240);

// finally we save the image as a new file
$img->save('uploads/1/newphoto.jpeg');
uploads/1/newphoto.jpeg folder which belongs to
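One way an application can confine a caller-supplied filename to a single upload directory before it reaches Image::make(), as an added example that is not from the original page or the intervention/image project. The helper name resolveInside() and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added example: resolve the requested file first, then accept it only if
// the resolved path still lies inside the intended directory.
// resolveInside() is a hypothetical helper, not part of intervention/image.

function resolveInside(string $baseDir, string $filename): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException("base directory does not exist: $baseDir");
    }
    // realpath() collapses "../" segments and follows symlinks;
    // it returns false when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $filename);
    // Compare against the base plus a trailing separator so that
    // ".../uploads/1" does not also match ".../uploads/10".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($path === false
        || strncmp($path, $prefix, strlen($prefix)) !== 0
        || !is_file($path)) {
        throw new InvalidArgumentException(
            'filename does not resolve to a file inside the allowed directory'
        );
    }
    return $path;
}

// Constructed layout mirroring the page: uploads/1/image-1.jpg and uploads/2/image-2.jpg
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav-demo-' . bin2hex(random_bytes(4));
mkdir("$root/uploads/1", 0700, true);
mkdir("$root/uploads/2", 0700, true);
file_put_contents("$root/uploads/1/image-1.jpg", 'constructed placeholder');
file_put_contents("$root/uploads/2/image-2.jpg", 'constructed placeholder');

foreach (['image-1.jpg', '../2/image-2.jpg', 'missing.jpg'] as $name) {
    try {
        $safe = resolveInside("$root/uploads/1", $name);
        // Only at this point would the application call Image::make($safe).
        echo "accepted: $name -> $safe\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $name ({$e->getMessage()})\n";
    }
}
```

The check runs on the resolved path rather than on the raw string, so it does not depend on spotting "../" in the input.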