Std42 elFinder 2.1.53

CPE Details

Std42 elFinder 2.1.53
std42
elfinder
2.1.53
2021-06-22
14h54 +00:00
2021-06-22
15h19 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:std42:elfinder:2.1.53:*:*:*:*:*:*:*

Informations

Vendor

std42

Product

elfinder

Version

2.1.53

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-35840 2023-06-18 22h00 +00:00 _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
6.5
Moyen
CVE-2021-43421 2022-04-07 14h18 +00:00 A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
9.8
Critique
CVE-2022-26960 2022-03-21 15h52 +00:00 connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
9.1
Critique
CVE-2021-32682 2021-06-14 14h45 +00:00 elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
9.8
Critique
CVE-2021-23394 2021-06-13 11h05 +00:00 The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
9.8
Critique