elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL)

Summary An authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to inject SQL through a crafted target file hash. Successful exploitation can lead to unauthorized...

PT-2026-39896

Name of the Vulnerable Software and Affected Versions elFinder versions prior to 2.1.68 Description An authenticated SQL injection exists in the MySQL volume driver elFinderVolumeMySQL. This issue allows any logged-in user, including those with read-only access, to inject SQL commands via a craft...