Std42: >> Elfinder >> 2.1.60 Security Vulnerabilities
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVSS Score
6.5
EPSS Score
0.052
Published
2023-06-19
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
CVSS Score
9.8
EPSS Score
0.148
Published
2022-04-11
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
CVSS Score
9.1
EPSS Score
0.864
Published
2022-03-21