10 matches found
CVE-2026-44258
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...
CVE-2026-44260
The CVE concerns efw4.X (Enterprise Framework for Web). Before 4.08.010, the readonly flag on the efw:elFinder JSP tag is meant to prevent modifications, but server-side checks are missing: even when protected=true and the client sends readonly=true, there is no event handler enforcing the readon...
CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
CVE-2026-44259 efw4.X: Stored XSS via previewServlet
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
CVE-2026-44259
efw4.X: Stored XSS via previewServlet affects versions prior to 4.08.010. The previewServlet serves files by inferring MIME type from file extensions (e.g., .html, .htm -> text/html; .svg -> image/svg+xml) without sanitizing content or applying security headers. This can cause embedded Java...
CVE-2026-44257 efw4.X: RCE via zipslip
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...
CVE-2026-44257 efw4.X: RCE via zipslip
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...
CVE-2026-44257
efw4.X (Enterprise Framework for Web) contains a zip-slip path traversal in efw.file.FileManager.unZip prior to 4.08.010. Zip entries are extracted with new File(baseDir, zipEntry.getName()) without canonical-path validation, allowing a crafted entry such as ../../../pwned.jsp to escape the extra...
CVE-2026-44258 efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfindercheckRisk function validates target and targets for path traversal and home containment, but does not validate the dst destination parameter used by elfinderpaste. An attacker can copy or move files from within the home...
CVE-2026-44258
CVE-2026-44258 affects efw4.X (Enterprise Framework for Web). Prior to 4.08.010, elfinder_checkRisk validates target/targets but not the dst parameter used by elfinder_paste, allowing an attacker to copy/move files from the home directory to an arbitrary destination by setting dst to a base64-enc...