studio-42/elfinder Security Advisories for 2.1.46 (9)
- [HIGH] Studio 42 elFinder vulnerable to Incorrect Access Control
  PKSA-sbbq-p6tj-yvtg CVE-2024-38909 GHSA-3h9f-mm2x-4j58
  Affected version: <=2.1.64
  Reported by: GitHub
- [HIGH] elFinder vulnerable to path traversal in LocalVolumeDriver connector
  PKSA-rhf7-t8yy-3p3g CVE-2023-35840 GHSA-wm5g-p99q-66g4
  Affected version: <2.1.62
  Reported by: GitHub
- [CRITICAL] RCE in Studio-42 elFinder on Windows before 2.1.61
  PKSA-3kwp-hcxk-dgv9 CVE-2022-27115 GHSA-6p96-vfrc-fv32
  Affected version: <2.1.61
  Reported by: GitHub
- [CRITICAL] elFinder Unrestricted File Upload vulnerability
  PKSA-dm6w-5d84-xg92 CVE-2021-43421 GHSA-x4jx-hjwf-gc99
  Affected version: >=2.0.4,<2.1.60
  Reported by: GitHub
- [CRITICAL] Path Traversal in Studio-42 elFinder through 2.1.60
  PKSA-jnq4-x2pg-3xw3 CVE-2022-26960 GHSA-7q88-jxvp-9gp2
  Affected version: <=2.1.60
  Reported by: GitHub
- [CRITICAL] elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
  PKSA-gch1-dd4b-dt85 CVE-2021-32682 GHSA-wph3-44rj-92pr
  Affected version: <2.1.59
  Reported by: GitHub
- [HIGH] elFinder unsafe upload filtering leading to remote code execution
  PKSA-xvcp-92ds-sjr2 CVE-2021-23394 GHSA-qm58-cvvm-c5qr
  Affected version: <2.1.58
  Reported by: GitHub
- [HIGH] Fixed being bypassable of CVE-2019-6257 SSRF.
  PKSA-g6pf-wn7z-5s1c CVE-2019-6257 GHSA-3qhm-qfj3-4rrx
  Affected version: <2.1.49
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [CRITICAL] elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
  PKSA-hs9f-pnbw-hxkp CVE-2019-9194 GHSA-4223-qj94-7x9p
  Affected version: <2.1.48
  Reported by: GitHub, FriendsOfPHP/security-advisories