Vulnerability CVE-2024-38909
Published: 2024-07-30

Description:
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

 References:
http://elfinder.com
https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909
Copyright 2026, cxsecurity.com

 

Back to Top