2 matches found
CVE-2018-9110
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...
CVE-2018-9110
Studio 42 elFinder is vulnerable before version 2.1.37 due to a directory traversal flaw in elFinder.class.php zipdl() that lets an attacker download files accessible to the web server and delete files owned by the server process. The issue stems from an incomplete fix for CVE-2018-9109. Public r...