Vulnerabilities > Std42 > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-04-11 | CVE-2022-27115 | Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder 2.1.60 | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | 9.8 |
2022-04-07 | CVE-2021-43421 | Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder | A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. | 9.8 |
2022-03-21 | CVE-2022-26960 | Path Traversal vulnerability in Std42 Elfinder | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. | 9.1 |
2021-06-14 | CVE-2021-32682 | Unspecified vulnerability in Std42 Elfinder | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. | 9.8 |
2021-06-13 | CVE-2021-23394 | Unrestricted Upload of File with Dangerous Type vulnerability in Std42 Elfinder | The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. | 9.8 |
2019-02-26 | CVE-2019-9194 | OS Command Injection vulnerability in Std42 Elfinder | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | 9.8 |
2018-03-28 | CVE-2018-9110 | Path Traversal vulnerability in Std42 Elfinder | Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | 9.1 |
2018-03-28 | CVE-2018-9109 | Path Traversal vulnerability in Std42 Elfinder | Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | 9.1 |