RSS   Podatności dla 'Elfinder'   RSS

2022-04-07
 
CVE-2021-43421

CWE-434
 

 
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.

 
2022-03-21
 
CVE-2022-26960

CWE-22
 

 
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

 
2022-02-08
 
CVE-2021-45919

CWE-79
 

 
Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.

 
2019-02-26
 
CVE-2019-9194

 

 
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

 


Copyright 2024, cxsecurity.com

 

Back to Top