16 matches found
EUVD-2021-2127
Malware in sbrugna...
EUVD-2021-2028
Malware in sbrugna...
Arbitrary File Extraction
elfinder.netcore is vulnerable to arbitrary file extraction. Lack of secure validation of user-provided data to the ExtractAsync method allows attacker to extract arbitrary files...
Path Traversal
elfinder.netcore is vulnerable to path traversal. Lack of sanitization of user-provided data to the Path.Combine... method allows attacker to input malicious characters to access files and directories outside the destination folder...
GHSA-9RJP-R58J-FXGQ Path traversal in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
Path traversal in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
GHSA-WMPM-FQ7R-JQ56 Imporoper path validation in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
Imporoper path validation in elFinder.NetCore
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
CVE-2021-23427
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
CVE-2021-23427
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
CVE-2021-23427
CVE-2021-23427 affects all versions of elFinder.NetCore. The vulnerability resides in the FileSystem.ExtractAsync function, where insufficient input validation enables arbitrary extraction (Zip Slip). Multiple sources describe an Arbitrary File Write/Extraction risk, with high-severity impact (cr...
CVE-2021-23427 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
CVE-2021-23428
CVE-2021-23428 affects all versions of elFinder.NetCore. The vulnerability arises because Path.Combine(...) is used to build absolute file paths without sufficient sanitization of user input, enabling traversal outside the Files directory. This can allow access to files and directories outside th...
CVE-2021-23428
This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...
CVE-2021-23427
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview elFinder.NetCore is a file manager for Web. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. PoC Upload the...