elFinder Vulnerability List
Found 11 vulnerabilities related to elFinder
CVE-2019-9194: elFinder <= 2.1.47 - Command Injection POC
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. The vulnerability occurs when performing image operations on JPEG files, where the filename is passed to the `exiftran` utility without proper sanitization, allowing command injection.
CVE-2021-32682: elFinder 2.1.58 - Remote Code Execution POC
elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload POC
Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code.
CVE-2022-26960: elFinder <=2.1.60 - Local File Inclusion POC
elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
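elFinder CVE-2021-23394 Remote Code Execution Vulnerability No POC
elFinder has a remote code execution vulnerability caused by missing validation of user-supplied data in connector.minimal.php.
elFinder CVE-2021-43421 Remote Code Execution Vulnerability No POC
elFinder has a remote code execution vulnerability caused by missing validation.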
Studio-42 elFinder CVE-2022-27115 Arbitrary File Upload Vulnerability No POC
elFinder CVE-2022-26960 Directory Traversal Vulnerability No POC
elFinder CVE-2022-26960 Directory Traversal Vulnerability No POC
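elFinder <=2.1.60 - Arbitrary File Read (CVE-2022-26960) No POC
elFinder is an open-source file manager based on PHP and jQuery. The PHP component of std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
elFinder ZIP Argument and Arbitrary Command Injection (CVE-2021-32682) No POC
elFinder is an open-source file manager based on PHP and jQuery. elFinder 2.1.48 and earlier contains an argument injection vulnerability. An attacker can exploit it to execute arbitrary commands on the target server, even on a minimal installation of elFinder. Besides the argument injection, the vulnerability also stems from unauthenticated access being allowed by default, so we can add permission checks to elFinder to prevent arbitrary users from operating on files on the server, which in turn prevents arbitrary command execution.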