studio-42/elfinder is vulnerable to directory traversals. The application does not validate the file
parameter of the zipdl()
function in elFinder.class.php
, allowing a malicious user to cause a directory traversal attack and may cause file deletion.