Vulnerability Details CVE-2021-23407
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73
- https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4
- https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152
- https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73
- https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4
- https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152
Products affected by CVE-2021-23407
-
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:1.1.1
-
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:1.1.2
-
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:1.2.0
-
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:1.2.1
-
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:1.2.2
-
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:1.2.3