Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Elfinder.netcore ProjectElfinder.netcore

2 matches found

CVE
CVEadded 2021/09/01 3:15 p.m.67 views

CVE-2021-23427

This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.

9.8CVSS9.2AI score0.00631EPSS
CVE
CVEadded 2021/09/01 3:15 p.m.62 views

CVE-2021-23428

This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

9.8CVSS9.2AI score0.00754EPSS