59 matches found
EUVD-2021-1383
Malware in sbrugna...
EUVD-2022-2311
Malicious code in bioql PyPI...
CVE-2021-43421
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code...
Cross-Site Scripting (XSS)
studio-42/elfinder is vulnerable to persistent Cross-site Scripting XSS. The vulnerability is due to a filename restriction bypass, allowing attackers to inject malicious scripts...
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting XSS vulnerability...
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting XSS vulnerability...
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution RCE as there is no restriction for uploading files with the .php8 extension...
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution RCE as there is no restriction for uploading files with the .php8 extension...
PT-2024-14373 · Studio 42 · Elfinder
Name of the Vulnerable Software and Affected Versions: Studio-42 eLfinder versions 2.1.62 and prior Description: The issue is related to Remote Code Execution RCE due to the lack of restriction for uploading files with the .php8 extension. This allows users to upload malicious files, potentially...
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting XSS vulnerability...
CVE-2023-52045
CVE-2023-52045 affects Studio-42 elFinder 2.1.62, where a filename restriction bypass leads to a persistent XSS vulnerability. Impact: stored XSS via crafted filenames; context is in elFinder file handling. Remediation: upgrade to elFinder 2.1.63 or higher (as reported by Snyk/Veracode/Red Hat re...
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting XSS vulnerability...
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution RCE as there is no restriction for uploading files with the .php8 extension...
GHSA-3H9F-MM2X-4J58 Studio 42 elFinder vulnerable to Incorrect Access Control
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
Studio 42 elFinder vulnerable to Incorrect Access Control
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
CVE-2024-38909
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
CVE-2024-38909
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
CVE-2024-38909
Studio 42 elFinder 2.1.64 is affected by an Incorrect Access Control vulnerability that lets an attacker copy files with unauthorized extensions between server directories, potentially exposing secrets and enabling remote code execution. Root cause: flawed access control allowing cross-directory ...
Studio 42 elFinder 安全漏洞
elFinder is an open source web file manager from Studio 42 Open Source. A security vulnerability exists in Studio 42 elFinder version 2.1.64. An attacker exploiting this vulnerability could disclose confidentiality, execute arbitrary code, and more...
Path Traversal
studio-42/elfinder is vulnerable to Path Traversal. The vulnerability exists due to a lack of validation in the supplied request parameters of elFinderVolumeLocalFileSystem.class.php. which allows an attacker to access and write to the local file system...