6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
44.0%
Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system.
This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in elFinder Version 2.1.62.
This vulnerability has been fixed in elFinder 2.1.62. Installation managers should update to the latest version as soon as possible.
If you cannot update for some reason, you must stop using it or prohibit writing to untrusted users.
CPE | Name | Operator | Version |
---|---|---|---|
studio-42/elfinder | lt | 2.1.62 |