Vulmon
elfinder vulnerabilities and exploits
4.3
CVSSv2
CVE-2013-1972
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x prior to 6.x-0.8 and 7.x-0.x prior to 7.x-0.8 for Drupal allows remote malicious users to hijack the authentication of unspecified victims to create, modify, or delete files via unknown ve...
Alexey Sukhotin Elfinder 6.x-0.6
Alexey Sukhotin Elfinder 6.x-0.7
Alexey Sukhotin Elfinder 6.x-0.4-beta3
Alexey Sukhotin Elfinder 6.x-0.5-beta2
Alexey Sukhotin Elfinder 7.x-0.6
Alexey Sukhotin Elfinder 7.x-0.7
Alexey Sukhotin Elfinder 6.x-0.4-beta1
7.5
CVSSv2
CVE-2019-9194
elFinder prior to 2.1.48 has a command injection vulnerability in the PHP connector.
Std42 Elfinder
2 EDB exploits
2 Github repositories
7.5
CVSSv2
CVE-2018-9110
Studio 42 elFinder prior to 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server pr...
Std42 Elfinder
3.5
CVSSv2
CVE-2021-45919
Studio 42 elFinder up to and including 2.1.31 allows XSS via an SVG document.
Std42 Elfinder
7.5
CVSSv2
CVE-2018-9109
Studio 42 elFinder prior to 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server pr...
Std42 Elfinder
4.3
CVSSv2
CVE-2019-5884
php/elFinder.class.php in elFinder prior to 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
Std42 Elfinder
4
CVSSv2
CVE-2019-6257
A Server Side Request Forgery (SSRF) vulnerability in elFinder prior to 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
Std42 Elfinder
NA
CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder prior to 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
Std42 Elfinder
1 Github repository
6.8
CVSSv2
CVE-2021-23394
The package studio-42/elfinder prior to 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
Std42 Elfinder
7.5
CVSSv2
CVE-2021-43421
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
Std42 Elfinder