Vulnerabilities > Std42 > Elfinder > 2.1.60

DATE CVE VULNERABILITY TITLE RISK
2023-06-19 CVE-2023-35840 Path Traversal vulnerability in Std42 Elfinder
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
network
low complexity
std42 CWE-22
6.5
6.5
2022-04-11 CVE-2022-27115 Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
network
low complexity
std42 CWE-434
7.5
7.5