← voltar
CVE-2022-26960

CVE-2022-26960

EPSS 51.0%
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6dbhttps://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.htmlhttps://www.synacktiv.com/publications.html