Studio 42 elFinder prior to 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server process.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
std42 elfinder |