39 matches found
CVE-2021-43421
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code...
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability...
CVE-2023-52044
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension...
PT-2024-14373 · Studio 42 · Elfinder
Name of the Vulnerable Software and Affected Versions: Studio-42 eLfinder versions 2.1.62 and prior
Description: The issue is related to Remote Code Execution (RCE) due to the lack of restriction for uploading files with the .php8 extension. This allows users to upload malicious files, potentially...
CVE-2023-52045
CVE-2023-52045 affects Studio-42 elFinder 2.1.62, where a filename restriction bypass leads to a persistent XSS vulnerability. Impact: stored XSS via crafted filenames; context is in elFinder file handling. Remediation: upgrade to elFinder 2.1.63 or higher (as reported by Snyk/Veracode/Red Hat re...
GHSA-3H9F-MM2X-4J58 Studio 42 elFinder vulnerable to Incorrect Access Control
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
Studio 42 elFinder vulnerable to Incorrect Access Control
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
Path Traversal
studio-42/elfinder is vulnerable to Path Traversal. The vulnerability exists due to a lack of validation in the supplied request parameters of elFinderVolumeLocalFileSystem.class.php, which allows an attacker to access and write to the local file system...
GHSA-44P8-C3WV-F28R Directory Traversal in Studio 42 elFinder
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue...
Studio-42 elFinder Remote Code Execution (CVE-2022-27115)
A remote code execution vulnerability exists in Studio-42 elFinder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
RCE in Studio-42 elFinder on Windows before 2.1.61
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload...
GHSA-6P96-VFRC-FV32 RCE in Studio-42 elFinder on Windows before 2.1.61
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload...
CVE-2022-27115
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload...
Remote code execution
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload...