elfinder vulnerabilities and exploits
NA
CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder prior to 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
Std42 Elfinder
1 Github repository
7.5
CVSSv2
CVE-2022-27115
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
Std42 Elfinder 2.1.60
7.5
CVSSv2
CVE-2021-43421
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
Std42 Elfinder
5.5
CVSSv2
CVE-2022-0403
The Library File Manager WordPress plugin prior to 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any a...
Wpjos Library File Manager
1 Github repository
5.8
CVSSv2
CVE-2022-26960
connector.minimal.php in std42 elFinder up to and including 2.1.60 is affected by path traversal. This allows unauthenticated remote malicious users to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
Std42 Elfinder
7.5
CVSSv2
CVE-2021-44663
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte up to and including 3.8.4 via a crafted php file through elfinder in connetor.php.
Nottingham.ac Xerte Online Toolkits
3.5
CVSSv2
CVE-2021-45919
Studio 42 elFinder up to and including 2.1.31 allows XSS via an SVG document.
Std42 Elfinder
7.5
CVSSv2
CVE-2021-32172
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.
Maianscriptworld Maian Cart 3.8
7.5
CVSSv2
CVE-2021-32682
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow a malicious user to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even ...
Std42 Elfinder
1 Github repository
6.8
CVSSv2
CVE-2021-23394
The package studio-42/elfinder prior to 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
Std42 Elfinder