CVE-2021-23394
- EPSS 19.08%
- Published 13.06.2021 11:15:14
- Last modified 21.11.2024 05:51:38
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2019-9194
- EPSS 96.63%
- Published 26.02.2019 19:29:00
- Last modified 21.11.2024 04:51:10
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVE-2019-6257
- EPSS 1.1%
- Published 14.01.2019 08:29:00
- Last modified 21.11.2024 04:46:19
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
CVE-2019-5884
- EPSS 1.28%
- Published 10.01.2019 08:29:00
- Last modified 21.11.2024 04:45:42
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
CVE-2018-9110
- EPSS 2.9%
- Published 28.03.2018 14:29:00
- Last modified 21.11.2024 04:14:58
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account run...
CVE-2018-9109
- EPSS 2.96%
- Published 28.03.2018 06:29:00
- Last modified 21.11.2024 04:14:58
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account run...