RSS   Vulnerabilities for 'Elfinder.netcore'   RSS

2021-09-01
 
CVE-2021-23427

CWE-20
 

 
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.

 
 
CVE-2021-23428

CWE-20
 

 
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

 


Copyright 2024, cxsecurity.com

 

Back to Top