Vulmon
std42 elfinder vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-45919
Studio 42 elFinder up to and including 2.1.31 allows XSS via an SVG document.
Std42 Elfinder
5.9
CVSSv3
CVE-2019-5884
php/elFinder.class.php in elFinder prior to 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
Std42 Elfinder
9.8
CVSSv3
CVE-2021-32682
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow a malicious user to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even ...
Std42 Elfinder
1 Github repository
9.8
CVSSv3
CVE-2021-23394
The package studio-42/elfinder prior to 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
Std42 Elfinder
9.8
CVSSv3
CVE-2019-9194
elFinder prior to 2.1.48 has a command injection vulnerability in the PHP connector.
Std42 Elfinder
2 EDB exploits
2 Github repositories
9.1
CVSSv3
CVE-2018-9109
Studio 42 elFinder prior to 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server pr...
Std42 Elfinder
9.1
CVSSv3
CVE-2018-9110
Studio 42 elFinder prior to 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server pr...
Std42 Elfinder
6.5
CVSSv3
CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder prior to 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
Std42 Elfinder
1 Github repository
9.8
CVSSv3
CVE-2021-43421
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
Std42 Elfinder
7.7
CVSSv3
CVE-2019-6257
A Server Side Request Forgery (SSRF) vulnerability in elFinder prior to 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
Std42 Elfinder