Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elfinder vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-45919
Studio 42 elFinder up to and including 2.1.31 allows XSS via an SVG document.
Std42 Elfinder
383
VMScore
CVE-2019-5884
php/elFinder.class.php in elFinder prior to 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
Std42 Elfinder
668
VMScore
CVE-2022-27115
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
Std42 Elfinder 2.1.60
578
VMScore
CVE-2020-35235
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin up to and including 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulne...
Themexa Secure File Manager
672
VMScore
CVE-2020-25213
The File Manager (wp-file-manager) plugin prior to 6.9 for WordPress allows remote malicious users to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows malicious users to run th...
Webdesi9 File Manager
12 Github repositories
383
VMScore
CVE-2017-8085
In Exponent CMS prior to 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
Exponentcms Exponent Cms
668
VMScore
CVE-2021-44663
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte up to and including 3.8.4 via a crafted php file through elfinder in connetor.php.
Nottingham.ac Xerte Online Toolkits
490
VMScore
CVE-2022-0403
The Library File Manager WordPress plugin prior to 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any a...
Wpjos Library File Manager
1 Github repository
578
VMScore
CVE-2020-36079
Zenphoto up to and including 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, f...
Zenphoto Zenphoto
1 Github repository
668
VMScore
CVE-2021-32172
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.
Maianscriptworld Maian Cart 3.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »