CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9110

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.3%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 7.5

References

Products affected by CVE-2018-9110

Std42 » Elfinder » Version: 1.0.1

cpe:2.3:a:std42:elfinder:1.0.1
Std42 » Elfinder » Version: 1.1

cpe:2.3:a:std42:elfinder:1.1
Std42 » Elfinder » Version: 1.2

cpe:2.3:a:std42:elfinder:1.2
Std42 » Elfinder » Version: 2.0

cpe:2.3:a:std42:elfinder:2.0
Std42 » Elfinder » Version: 2.0.3

cpe:2.3:a:std42:elfinder:2.0.3
Std42 » Elfinder » Version: 2.0.4

cpe:2.3:a:std42:elfinder:2.0.4
Std42 » Elfinder » Version: 2.0.5

cpe:2.3:a:std42:elfinder:2.0.5
Std42 » Elfinder » Version: 2.0.6

cpe:2.3:a:std42:elfinder:2.0.6
Std42 » Elfinder » Version: 2.0.7

cpe:2.3:a:std42:elfinder:2.0.7
Std42 » Elfinder » Version: 2.0.8

cpe:2.3:a:std42:elfinder:2.0.8
Std42 » Elfinder » Version: 2.0.9

cpe:2.3:a:std42:elfinder:2.0.9
Std42 » Elfinder » Version: 2.1.0

cpe:2.3:a:std42:elfinder:2.1.0
Std42 » Elfinder » Version: 2.1.1

cpe:2.3:a:std42:elfinder:2.1.1
Std42 » Elfinder » Version: 2.1.10

cpe:2.3:a:std42:elfinder:2.1.10
Std42 » Elfinder » Version: 2.1.11

cpe:2.3:a:std42:elfinder:2.1.11
Std42 » Elfinder » Version: 2.1.12

cpe:2.3:a:std42:elfinder:2.1.12
Std42 » Elfinder » Version: 2.1.13

cpe:2.3:a:std42:elfinder:2.1.13
Std42 » Elfinder » Version: 2.1.14

cpe:2.3:a:std42:elfinder:2.1.14
Std42 » Elfinder » Version: 2.1.15

cpe:2.3:a:std42:elfinder:2.1.15
Std42 » Elfinder » Version: 2.1.16

cpe:2.3:a:std42:elfinder:2.1.16
Std42 » Elfinder » Version: 2.1.17

cpe:2.3:a:std42:elfinder:2.1.17
Std42 » Elfinder » Version: 2.1.18

cpe:2.3:a:std42:elfinder:2.1.18
Std42 » Elfinder » Version: 2.1.19

cpe:2.3:a:std42:elfinder:2.1.19
Std42 » Elfinder » Version: 2.1.2

cpe:2.3:a:std42:elfinder:2.1.2
Std42 » Elfinder » Version: 2.1.20

cpe:2.3:a:std42:elfinder:2.1.20
Std42 » Elfinder » Version: 2.1.21

cpe:2.3:a:std42:elfinder:2.1.21
Std42 » Elfinder » Version: 2.1.22

cpe:2.3:a:std42:elfinder:2.1.22
Std42 » Elfinder » Version: 2.1.23

cpe:2.3:a:std42:elfinder:2.1.23
Std42 » Elfinder » Version: 2.1.24

cpe:2.3:a:std42:elfinder:2.1.24
Std42 » Elfinder » Version: 2.1.25

cpe:2.3:a:std42:elfinder:2.1.25
Std42 » Elfinder » Version: 2.1.26

cpe:2.3:a:std42:elfinder:2.1.26
Std42 » Elfinder » Version: 2.1.27

cpe:2.3:a:std42:elfinder:2.1.27
Std42 » Elfinder » Version: 2.1.28

cpe:2.3:a:std42:elfinder:2.1.28
Std42 » Elfinder » Version: 2.1.29

cpe:2.3:a:std42:elfinder:2.1.29
Std42 » Elfinder » Version: 2.1.3

cpe:2.3:a:std42:elfinder:2.1.3
Std42 » Elfinder » Version: 2.1.30

cpe:2.3:a:std42:elfinder:2.1.30
Std42 » Elfinder » Version: 2.1.31

cpe:2.3:a:std42:elfinder:2.1.31
Std42 » Elfinder » Version: 2.1.32

cpe:2.3:a:std42:elfinder:2.1.32
Std42 » Elfinder » Version: 2.1.33

cpe:2.3:a:std42:elfinder:2.1.33
Std42 » Elfinder » Version: 2.1.34

cpe:2.3:a:std42:elfinder:2.1.34
Std42 » Elfinder » Version: 2.1.35

cpe:2.3:a:std42:elfinder:2.1.35
Std42 » Elfinder » Version: 2.1.36

cpe:2.3:a:std42:elfinder:2.1.36
Std42 » Elfinder » Version: 2.1.4

cpe:2.3:a:std42:elfinder:2.1.4
Std42 » Elfinder » Version: 2.1.5

cpe:2.3:a:std42:elfinder:2.1.5
Std42 » Elfinder » Version: 2.1.6

cpe:2.3:a:std42:elfinder:2.1.6
Std42 » Elfinder » Version: 2.1.7

cpe:2.3:a:std42:elfinder:2.1.7
Std42 » Elfinder » Version: 2.1.8

cpe:2.3:a:std42:elfinder:2.1.8
Std42 » Elfinder » Version: 2.1.9

cpe:2.3:a:std42:elfinder:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9110

Products

Pricing

Contact Us