Std42 elFinder 2.1.51

CPE Details

Std42 elFinder 2.1.51
std42
elfinder
2.1.51
2021-06-22
14h54 +00:00
2021-06-22
15h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:std42:elfinder:2.1.51:*:*:*:*:*:*:*

Informations

Vendor

std42

Product

elfinder

Version

2.1.51

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-35840 2023-06-18 22h00 +00:00 _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
6.5
Medium
CVE-2021-43421 2022-04-07 14h18 +00:00 A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
9.8
Critical
CVE-2022-26960 2022-03-21 15h52 +00:00 connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
9.1
Critical
CVE-2021-32682 2021-06-14 14h45 +00:00 elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
9.8
Critical
CVE-2021-23394 2021-06-13 11h05 +00:00 The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
9.8
Critical