2 matches found
CVE-2021-23427
CVE-2021-23427 affects all versions of elFinder.NetCore. The vulnerability resides in the FileSystem.ExtractAsync function, where insufficient input validation enables arbitrary extraction (Zip Slip). Multiple sources describe an Arbitrary File Write/Extraction risk, with high-severity impact (cr...
CVE-2021-23428
CVE-2021-23428 affects all versions of elFinder.NetCore. The vulnerability arises because Path.Combine(...) is used to build absolute file paths without sufficient sanitization of user input, enabling traversal outside the Files directory. This can allow access to files and directories outside th...