Lucene search

Veracode Vulnerability DatabaseVERACODE:34776

HistoryMar 22, 2022 - 4:09 a.m.

Path Traversal

2022-03-2204:09:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

studio-42/elfinder is vulnerable to path traversal. The vulnerability exists due to improper handling of absolute file paths in the getFullPathfunction. allowing a remote attacker to access data in the system.

CPENameOperatorVersion
studio-42/elfinderle2.1.60
studio-42/elfinderle2.1.60

CPE	Name	Operator	Version
	studio-42/elfinder	le	2.1.60
	studio-42/elfinder	le	2.1.60

References

github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db

www.synacktiv.com/publications.html

www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:34776