elFinder <=2.1.60 - Local File Inclusion

elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. id: CVE-2022-26960 info: name: elFind...

Studio-42 elFinder <2.1.60 - Arbitrary File Upload

Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code. id: CVE-2021-43421 info: name: Studio-42 elFinder 2.1.60 - Arbitrary File Upload author: akincibor severity:...

elFinder 2.1.58 - Remote Code Execution

elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. id: CVE-2021-32682 info: name: elFinder 2.1.58 - Remote Code Executi...

CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...

CVE-2022-26960

CVE-2022-26960 affects elFinder