Vulnerabilities > Std42

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-19	CVE-2023-35840	Path Traversal vulnerability in Std42 Elfinder _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. network low complexity std42 CWE-22	6.5
2022-04-11	CVE-2022-27115	Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60 In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. network low complexity std42 CWE-434 critical	9.8
2022-04-07	CVE-2021-43421	Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. network low complexity std42 CWE-434 critical	9.8
2022-03-21	CVE-2022-26960	Path Traversal vulnerability in Std42 Elfinder connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. network low complexity std42 CWE-22 critical	9.1
2022-02-08	CVE-2021-45919	Cross-site Scripting vulnerability in Std42 Elfinder Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. network low complexity std42 CWE-79	5.4
2021-06-14	CVE-2021-32682	Server-Side Request Forgery (SSRF) vulnerability in Std42 Elfinder elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. network low complexity std42 CWE-918 critical	9.8
2021-06-13	CVE-2021-23394	Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. network low complexity std42 CWE-434 critical	9.8
2019-02-26	CVE-2019-9194	OS Command Injection vulnerability in Std42 Elfinder elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. network low complexity std42 CWE-78 critical	9.8
2019-01-14	CVE-2019-6257	Server-Side Request Forgery (SSRF) vulnerability in Std42 Elfinder A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. network low complexity std42 CWE-918	7.7
2019-01-10	CVE-2019-5884	Information Exposure vulnerability in Std42 Elfinder php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. network high complexity std42 CWE-200	5.9

Vulnerabilities > Std42 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Std42"}]}

Vulnerabilities > Std42