Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

GithubExploit
GithubExploitadded 2026/02/18 12:40 a.m.297 views

Exploit for OS Command Injection in Std42 Elfinder

CVE-2019-9194 — elFinder Command Injection PoC Command in...

9.8CVSS6.7AI score0.9285EPSS
Exploits11
Exploit DB
Exploit DBadded 2019/03/13 12:0 a.m.230 views

elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...

9.8CVSS9.5AI score0.9285EPSS
Exploits11
Packet Storm
Packet Stormadded 2019/03/05 12:0 a.m.331 views

elFinder 2.1.47 Command Injection

!/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqid" : "1693222c439f4", "cmd" : "upload", "target" :...

7.5CVSS9.5AI score0.9285EPSS
Exploits11
0day.today
0day.todayadded 2019/03/04 12:0 a.m.295 views

elFinder 2.1.47 - Command Injection vulnerability in the PHP connector Exploit

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data =...

7.5CVSS0.9285EPSS
Exploits11
Circl
Circladded 2019/03/04 12:0 a.m.14 views

CVE-2019-9194

creationtimestamp| type| source ---|---|--- 2019-03-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46481 2019-03-11 20:19:00+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/elfinderphpconnectorexiftrancmdinjection.rb 2019-03-...

9.8CVSS8.6AI score0.9285EPSS
Exploits11References5
exploitpack
exploitpackadded 2019/03/04 12:0 a.m.50 views

elFinder 2.1.47 - PHP connector Command Injection

elFinder 2.1.47 - PHP connector Command Injection !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqi...

7.5CVSS0.9285EPSS
Exploits11
Exploit DB
Exploit DBadded 2019/03/04 12:0 a.m.380 views

elFinder 2.1.47 - 'PHP connector' Command Injection

!/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqid" : "1693222c439f4", "cmd" : "upload", "target" :...

9.8CVSS9.5AI score0.9285EPSS
Exploits11
CVE
CVEadded 2019/02/26 7:0 p.m.367 views

CVE-2019-9194

The CVE-2019-9194 issue affects elFinder before 2.1.48 (PHP connector). The Nuclei/YAML entry and Exploit-DB records confirm a command injection in the PHP connector triggered during JPEG image operations, where the filename is passed to exiftran without proper sanitization, enabling remote comma...

9.8CVSS9.5AI score0.9285EPSS
Exploits11References5Affected Software1
Cvelist
Cvelistadded 2019/02/26 7:0 p.m.27 views

CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector...

9.8AI score0.9285EPSS
Exploits11References5
Rows per page
Query Builder