Lucene search

425 matches found

Cvelist
added 2026/02/20 10:54 p.m. | 23 views

CVE-2018-25158 Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8 CVSS | 0.00376 EPSS
Exploits 0 | References 3
CVE
added 2026/02/20 10:54 p.m. | 11 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability in the elfinder filemanager module. Authenticated users can upload files (with image headers) in the social myfiles area, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files. Impact is high fo...

8.8 CVSS | 6.1 AI score | 0.00376 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/02/20 12:0 a.m. | 10 views

PT-2026-21308

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute...

8.8 CVSS | 6.1 AI score | 0.00376 EPSS
Exploits 0 | References 4
CNNVD
added 2026/02/20 12:0 a.m. | 8 views

Chamilo LMS Code Issue Vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Version 1.11.8 of Chamilo LMS contains a code vulnerability. This vulnerability stems from the elfinder file...

8.8 CVSS | 6.2 AI score | 0.00376 EPSS
Exploits 0 | References 3
GithubExploit
added 2026/02/18 12:40 a.m. | 350 views

Exploit for OS Command Injection in Std42 Elfinder

CVE-2019-9194 — elFinder Command Injection PoC Command in...

9.8 CVSS | 6.7 AI score | 0.96633 EPSS
Exploits 11
GithubExploit
added 2026/02/18 12:40 a.m. | 155 views

Exploit for OS Command Injection in Std42 Elfinder

CVE-2019-9194 — elFinder Command Injection PoC Command in...

9.8 CVSS | 6.7 AI score | 0.96633 EPSS
Exploits 11
RedhatCVE
added 2026/01/09 10:45 a.m. | 11 views

CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...

9.8 CVSS | 6.7 AI score | 0.69934 EPSS
Exploits 6 | References 1
RedhatCVE
added 2026/01/09 10:43 a.m. | 9 views

CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...

9.1 CVSS | 7 AI score | 0.50993 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/01/07 9:48 a.m. | 9 views

CVE-2022-27115

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload...

9.8 CVSS | 7.9 AI score | 0.28594 EPSS
Exploits 1 | References 1
OSV
added 2025/12/17 11:15 p.m. | 4 views

CVE-2023-53909

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

5.4 CVSS | 6.1 AI score
Exploits 0 | References 3
Veracode
added 2025/12/13 6:56 a.m. | 11 views

Arbitrary File Upload

studio-42/elfinder is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation of uploaded files in connector.minimal.php, which allows an attacker to upload malicious files and execute arbitrary PHP code on the server...

9.8 CVSS | 7.7 AI score | 0.42781 EPSS
Exploits 1 | References 4 | Affected Software 1
RedhatCVE
added 2025/12/11 10:1 p.m. | 5 views

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.8 CVSS | 8.6 AI score | 0.00571 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/11 12:30 a.m. | 3 views

EUVD-2024-55315

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.7 CVSS | 8.2 AI score | 0.00571 EPSS
Exploits 0 | References 5
NVD
added 2025/12/10 10:16 p.m. | 8 views

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.8 CVSS | 0.00571 EPSS
Exploits 0 | References 4
OSV
added 2025/12/10 10:16 p.m. | 2 views

CVE-2024-58283

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.8 CVSS | 8.6 AI score
Exploits 0 | References 4
Vulnrichment
added 2025/12/10 9:14 p.m. | 4 views

CVE-2024-58283 WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.7 CVSS | 8.3 AI score | 0.00571 EPSS
Exploits 0 | References 4
CVE
added 2025/12/10 9:14 p.m. | 12 views

CVE-2024-58283

CVE-2024-58283 concerns WBCE CMS 1.6.2, where an authenticated attacker can abuse the Elfinder file manager’s upload functionality to place a PHP web shell and execute arbitrary system commands via a user-controlled parameter. The underlying issue is a remote code execution vulnerability in the E...

8.8 CVSS | 8.3 AI score | 0.00571 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2025/12/10 9:14 p.m. | 22 views

CVE-2024-58283 WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.7 CVSS | 0.00571 EPSS
Exploits 0 | References 4
CNNVD
added 2025/12/10 12:0 a.m. | 3 views

WBCE CMS Code Issue Vulnerability

WBCE CMS is a PHP- and MySQL-based open-source content management system (CMS) from WBCE CMS Open Source. A code issue vulnerability exists in WBCE CMS version 1.6.2 that originates from an authenticated user being able to upload malicious PHP files via the Elfinder file manager, which could lead to...

8.8 CVSS | 7.7 AI score | 0.00571 EPSS
Exploits 0 | References 5
Positive Technologies
added 2025/12/10 12:0 a.m. | 7 views

PT-2025-50532

WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...

8.7 CVSS | 8.6 AI score | 0.00571 EPSS
Exploits 0 | References 6