Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:6 a.m.20 views

Directory Traversal in Studio 42 elFinder

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...

9.1CVSS6.8AI score0.02899EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/13 1:6 a.m.16 views

GHSA-44P8-C3WV-F28R Directory Traversal in Studio 42 elFinder

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...

9.1CVSS9.2AI score0.02963EPSS
Exploits0References4
Veracode
Veracode
added 2018/05/25 2:2 a.m.20 views

Directory Traversal

studio-42/elfinder is vulnerable to directory traversals. The application does not properly validate the file parameter in the zipdl function of elFinder.class.php, allowing a malicious user to conduct a directory traversals attack, and may cause file deletion. This vulnerability exists due to an...

9.1CVSS8.8AI score0.02963EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2018/03/28 2:29 p.m.10 views

Directory traversal

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...

7.5CVSS9.2AI score0.02963EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/03/28 6:0 a.m.45 views

CVE-2018-9109

Studio 42 elFinder (PHP Web file manager) prior to version 2.1.36 is affected by a directory traversal vulnerability in elFinder.class.php, zipdl() function. The flaw allows a remote attacker to download files accessible by the web server process and to delete files owned by the account running t...

9.1CVSS8.9AI score0.02963EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder