GHSA-QM58-CVVM-C5QR elFinder unsafe upload filtering leading to remote code execution
Impact Before elFinder 2.1.58, the upload filter did not disallow the upload of .phar files. As several Linux distributions are now shipping Apache configured in a way it will process these files as PHP scripts, attackers could gain arbitrary code execution on the server hosting the PHP connector...