2 matches found
CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...
elFinder: Command injection in resize background color parameter when using ImageMagick CLI
Severity High bg can be injected into shell command construction, leading to possible RCE in affected configurations. Summary elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image...