漏洞描述
elFinder是一个基于PHP、Jquery的开源文件管理系统。std42elFinder到2.1.60中的php受路径遍历的影响。这允许未经身份验证的远程攻击者读取、写入和浏览配置文档根目录之外的文件。这是由于绝对文件路径处理不当所致。
elFinder <=2.1.60 - 任意文件读取(CVE-2022-26960)
PoC代码
暂无相关漏洞推荐
-
CVE-2019-9194: elFinder <= 2.1.47 - Command Injection POC
2025-08-01 | elFinderelFinder before 2.1.48 has a command injection vulnerability in the PHP connector. The vulnerability... -
CVE-2021-32682: elFinder 2.1.58 - Remote Code Execution POC
2025-08-01 | elFinderelFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an at... -
CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload POC
2025-08-01 | Studio-42 elFinderStudio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minima... -
Webmin /package-updates/update.cgi 命令执行漏洞(CVE-2022-36446) 无POC
2025-09-05 | WebminWebmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.997之前的版本存在安全漏洞,该漏洞源于其software/apt-lib.pl组件缺少对U... -
CVE-2022-0342: Zyxel authentication bypass patch analysis POC
2025-09-01 | ZyxelAn authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio...