elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a. NOTE: This only applies if the server parses .phar files as PHP.

in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via, which allows a remote malicious user to upload arbitrary files and execute PHP code.

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.