5 matches found
Directory Traversal in Studio 42 elFinder
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...
GHSA-44P8-C3WV-F28R Directory Traversal in Studio 42 elFinder
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...
Directory Traversal
studio-42/elfinder is vulnerable to directory traversals. The application does not properly validate the file parameter in the zipdl function of elFinder.class.php, allowing a malicious user to conduct a directory traversals attack, and may cause file deletion. This vulnerability exists due to an...
Directory traversal
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...
CVE-2018-9109
Studio 42 elFinder (PHP Web file manager) prior to version 2.1.36 is affected by a directory traversal vulnerability in elFinder.class.php, zipdl() function. The flaw allows a remote attacker to download files accessible by the web server process and to delete files owned by the account running t...