Product
plank/laravel-mediable through version 6.4.0 is vulnerable to arbitrary file upload via client-supplied MIME types, potentially leading to remote code execution if the uploaded file is stored in a web-accessible location.