CVE-2022-26960

Exploit

EPSS 86.39%
Published 21.03.2022 17:15:07
Last modified 21.11.2024 06:54:52
Source cve@mitre.org
Teams watchlist Login
Open Login

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Std42 ≫ Elfinder Version < 2.1.61

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	86.39%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db

Patch

Third Party Advisory

https://www.synacktiv.com/publications.html

Product

https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2022-26960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26960

EUVD