Studio 42 elFinder prior to 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote malicious user to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
std42 elfinder |