5 matches found
PT-2024-28168 · Unknown · Job Board Manager
Name of the Vulnerable Software and Affected Versions: Job Board Manager versions prior to 2.1.58 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
elFinder < 2.1.59 Multiple Vulnerabilities (GHSA-wph3-44rj-92pr)
elFinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:std42:elfinder"; if(description)...
PT-2021-3443 · Elfinder · Elfinder
Name of the Vulnerable Software and Affected Versions: elFinder versions 2.1.58 Description: The issue is related to the incorrect implementation of the authentication mechanism in the elFinder file manager. This can allow a remote attacker to execute arbitrary code. Several vulnerabilities affec...
PT-2021-3442
Name of the Vulnerable Software and Affected Versions: elFinder versions prior to 2.1.58 Description: The issue is related to the execution of PHP code in a .phar file, which can lead to Remote Code Execution (RCE). This only applies if the server parses .phar files as PHP. The vulnerability is...
Remote Code Execution (RCE)
Overview: studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server is configured to parse .phar...