Vulnerabilities > Std42

DATE CVE VULNERABILITY TITLE RISK
2023-06-19 CVE-2023-35840 Path Traversal vulnerability in Std42 Elfinder
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
network
low complexity
std42 CWE-22
6.5
2022-04-11 CVE-2022-27115 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
network
low complexity
std42 CWE-434
critical
9.8
2022-04-07 CVE-2021-43421 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
network
low complexity
std42 CWE-434
critical
9.8
2022-03-21 CVE-2022-26960 Path Traversal vulnerability in Std42 Elfinder
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal.
network
low complexity
std42 CWE-22
critical
9.1
2022-02-08 CVE-2021-45919 Cross-site Scripting vulnerability in Std42 Elfinder
Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.
network
low complexity
std42 CWE-79
5.4
2021-06-14 CVE-2021-32682 Unspecified vulnerability in Std42 Elfinder
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI.
network
low complexity
std42
critical
9.8
2021-06-13 CVE-2021-23394 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file.
network
low complexity
std42 CWE-434
critical
9.8
2019-02-26 CVE-2019-9194 OS Command Injection vulnerability in Std42 Elfinder
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
network
low complexity
std42 CWE-78
critical
9.8
2019-01-14 CVE-2019-6257 Server-Side Request Forgery (SSRF) vulnerability in Std42 Elfinder
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources.
network
low complexity
std42 CWE-918
7.7
2019-01-10 CVE-2019-5884 Information Exposure vulnerability in Std42 Elfinder
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
network
high complexity
std42 CWE-200
5.9