Path Traversal

2021-09-0606:35:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

elfinder.netcore

path traversal

user-provided data

malicious characters

files

directories

EPSS

0.003

Percentile

69.3%

JSON

elfinder.netcore is vulnerable to path traversal. Lack of sanitization of user-provided data to the Path.Combine(…) method allows attacker to input malicious characters to access files and directories outside the destination folder.

References

github.com/gordon-matt/elFinder.NetCore

github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs#L387

github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs%23L387

EPSS

0.003

Percentile

69.3%

JSON

Related for VERACODE:31972