elFinder < 2.1.62 Path Traversal Vulnerability (GHSA-wm5g-p99q-66g4)

elFinder is prone to a path traversal vulnerability in the PHP LocalVolumeDriver connector. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Exploit for Path Traversal in Std42 Elfinder

CVE-2023-35840 elFinder 2.1.62 - Path Traversal vulnerabilit...

Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm5g-p99q-66g4. This link is maintained to preserve external references. Original Description joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP...

GHSA-3P2Q-MH7Q-9PXJ Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm5g-p99q-66g4. This link is maintained to preserve external references. Original Description joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP...

CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

Path traversal

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

CVE-2023-35840

CVE-2023-35840 affects elFinder before 2.1.62 due to a path traversal weakness in the PHP LocalVolumeDriver connector (joinPath in elFinderVolumeLocalFileSystem.class.php). The root cause is incomplete validation of the target parameter, allowing traversal beyond web root. OpenVAS details indicat...

CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

GHSA-WM5G-P99Q-66G4 elFinder vulnerable to path traversal in LocalVolumeDriver connector

Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in...

elFinder vulnerable to path traversal in LocalVolumeDriver connector

Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in...

PT-2023-25338 · Elfinder · Elfinder

Name of the Vulnerable Software and Affected Versions: elFinder versions prior to 2.1.62 Description: The issue allows path traversal in the PHP LocalVolumeDriver connector due to incomplete validity checking of supplied request parameters. This can be exploited by allowing untrusted users to wri...