Lucene search
K

4 matches found

NVD
NVD
added 2026/05/12 10:16 p.m.79 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 9:9 p.m.8 views

CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 9:9 p.m.3 views

CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS6AI score0.00301EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 9:9 p.m.33 views

CVE-2026-44260

The CVE concerns efw4.X (Enterprise Framework for Web). Before 4.08.010, the readonly flag on the efw:elFinder JSP tag is meant to prevent modifications, but server-side checks are missing: even when protected=true and the client sends readonly=true, there is no event handler enforcing the readon...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
Rows per page
Query Builder