Vulnerabilities > Std42 > Elfinder > 2.1.59

DATE CVE VULNERABILITY TITLE RISK
2023-06-19 CVE-2023-35840 Path Traversal vulnerability in Std42 Elfinder
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
network
low complexity
std42 CWE-22
6.5
6.5
2022-04-07 CVE-2021-43421 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
network
low complexity
std42 CWE-434
critical
 9.8
9.8
2022-03-21 CVE-2022-26960 Path Traversal vulnerability in Std42 Elfinder
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal.
network
low complexity
std42 CWE-22
critical
 9.1
9.1