[HIGH] Studio 42 elFinder vulnerable to Incorrect Access Control

PKSA-sbbq-p6tj-yvtg CVE-2024-38909 GHSA-3h9f-mm2x-4j58

Affected version: <=2.1.64

Reported by:
GitHub

[HIGH] elFinder vulnerable to path traversal in LocalVolumeDriver connector

PKSA-rhf7-t8yy-3p3g CVE-2023-35840 GHSA-wm5g-p99q-66g4

Affected version: <2.1.62

Reported by:
GitHub

[CRITICAL] RCE in Studio-42 elFinder on Windows before 2.1.61

PKSA-3kwp-hcxk-dgv9 CVE-2022-27115 GHSA-6p96-vfrc-fv32

Affected version: <2.1.61

Reported by:
GitHub

[CRITICAL] elFinder Unrestricted File Upload vulnerability

PKSA-dm6w-5d84-xg92 CVE-2021-43421 GHSA-x4jx-hjwf-gc99

Affected version: >=2.0.4,<2.1.60

Reported by:
GitHub

[CRITICAL] Path Traversal in Studio-42 elFinder through 2.1.60

PKSA-jnq4-x2pg-3xw3 CVE-2022-26960 GHSA-7q88-jxvp-9gp2

Affected version: <=2.1.60

Reported by:
GitHub

[CRITICAL] elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE

PKSA-gch1-dd4b-dt85 CVE-2021-32682 GHSA-wph3-44rj-92pr

Affected version: <2.1.59

Reported by:
GitHub

[HIGH] elFinder unsafe upload filtering leading to remote code execution

PKSA-xvcp-92ds-sjr2 CVE-2021-23394 GHSA-qm58-cvvm-c5qr

Affected version: <2.1.58

Reported by:
GitHub

[HIGH] Fixed being bypassable of CVE-2019-6257 SSRF.

PKSA-g6pf-wn7z-5s1c CVE-2019-6257 GHSA-3qhm-qfj3-4rrx

Affected version: <2.1.49

Reported by:
GitHub, FriendsOfPHP/security-advisories

[CRITICAL] elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

PKSA-hs9f-pnbw-hxkp CVE-2019-9194 GHSA-4223-qj94-7x9p

Affected version: <2.1.48

Reported by:
GitHub, FriendsOfPHP/security-advisories