Security Advisories - studio-42/elfinder

studio-42/elfinder Security Advisories for 2.1.28 (13)

[HIGH] Studio 42 elFinder vulnerable to Incorrect Access Control

PKSA-sbbq-p6tj-yvtg CVE-2024-38909 GHSA-3h9f-mm2x-4j58

Affected version: <=2.1.64

Reported by:
GitHub
[HIGH] elFinder vulnerable to path traversal in LocalVolumeDriver connector

PKSA-rhf7-t8yy-3p3g CVE-2023-35840 GHSA-wm5g-p99q-66g4

Affected version: <2.1.62

Reported by:
GitHub
[CRITICAL] Directory Traversal in Studio 42 elFinder

PKSA-pvq3-m4zr-y74q CVE-2018-9110 GHSA-44p8-c3wv-f28r

Affected version: >=2.1.12,<=2.1.36

Reported by:
GitHub
[CRITICAL] elFinder Path Traversal vulnerability

PKSA-xcvp-8b6t-mf12 CVE-2018-9109 GHSA-45x3-mw7q-wf7f

Affected version: <2.1.36

Reported by:
GitHub
[MEDIUM] Sensitive Data Exposure in elFinder

PKSA-p1nb-y2n9-s82t CVE-2019-5884 GHSA-jcgc-vxqg-85xx

Affected version: <2.1.45

Reported by:
GitHub
[CRITICAL] RCE in Studio-42 elFinder on Windows before 2.1.61

PKSA-3kwp-hcxk-dgv9 CVE-2022-27115 GHSA-6p96-vfrc-fv32

Affected version: <2.1.61

Reported by:
GitHub
[CRITICAL] elFinder Unrestricted File Upload vulnerability

PKSA-dm6w-5d84-xg92 CVE-2021-43421 GHSA-x4jx-hjwf-gc99

Affected version: >=2.0.4,<2.1.60

Reported by:
GitHub
[CRITICAL] Path Traversal in Studio-42 elFinder through 2.1.60

PKSA-jnq4-x2pg-3xw3 CVE-2022-26960 GHSA-7q88-jxvp-9gp2

Affected version: <=2.1.60

Reported by:
GitHub
[MEDIUM] Studio 42 elFinder allows stored XSS

PKSA-5jtb-v97q-98xn CVE-2021-45919 GHSA-c3j8-q5x6-2855

Affected version: <=2.1.31

Reported by:
GitHub
[CRITICAL] elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE

PKSA-gch1-dd4b-dt85 CVE-2021-32682 GHSA-wph3-44rj-92pr

Affected version: <2.1.59

Reported by:
GitHub
[HIGH] elFinder unsafe upload filtering leading to remote code execution

PKSA-xvcp-92ds-sjr2 CVE-2021-23394 GHSA-qm58-cvvm-c5qr

Affected version: <2.1.58

Reported by:
GitHub
[HIGH] Fixed being bypassable of CVE-2019-6257 SSRF.

PKSA-g6pf-wn7z-5s1c CVE-2019-6257 GHSA-3qhm-qfj3-4rrx

Affected version: <2.1.49

Reported by:
GitHub, FriendsOfPHP/security-advisories
[CRITICAL] elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

PKSA-hs9f-pnbw-hxkp CVE-2019-9194 GHSA-4223-qj94-7x9p

Affected version: <2.1.48

Reported by:
GitHub, FriendsOfPHP/security-advisories

studio-42/elfinder Security Advisories for 2.1.28 (13)

[HIGH] Studio 42 elFinder vulnerable to Incorrect Access Control

[HIGH] elFinder vulnerable to path traversal in LocalVolumeDriver connector

[CRITICAL] Directory Traversal in Studio 42 elFinder

[CRITICAL] elFinder Path Traversal vulnerability

[MEDIUM] Sensitive Data Exposure in elFinder

[CRITICAL] RCE in Studio-42 elFinder on Windows before 2.1.61

[CRITICAL] elFinder Unrestricted File Upload vulnerability

[CRITICAL] Path Traversal in Studio-42 elFinder through 2.1.60

[MEDIUM] Studio 42 elFinder allows stored XSS

[CRITICAL] elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE

[HIGH] elFinder unsafe upload filtering leading to remote code execution

[HIGH] Fixed being bypassable of CVE-2019-6257 SSRF.

[CRITICAL] elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.