
std42 elfinder

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-41247
< 2.1.67
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a comma
9.8 CRITICAL
CVE-2023-52045
all versions
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.
6.1 MEDIUM
CVE-2023-52044
all versions
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .ph
9.8 CRITICAL
CVE-2024-38909
all versions
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server d
9.8 CRITICAL
CVE-2023-35840
< 2.1.62
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver
6.5 MEDIUM
CVE-2022-27115
all versions
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
9.8 CRITICAL
CVE-2021-43421
>= 2.0.4 and <= 2.1.59
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote maliciou
9.8 CRITICAL
CVE-2022-26960
< 2.1.61
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers
9.1 CRITICAL
CVE-2021-45919
<= 2.1.31
Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.
5.4 MEDIUM
CVE-2021-32682
< 2.1.59
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.
9.8 CRITICAL
CVE-2021-23394
< 2.1.58
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar fi
8.1 HIGH
CVE-2019-9194
< 2.1.48
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
9.8 CRITICAL
CVE-2019-6257
< 2.1.46
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of
7.7 HIGH
CVE-2019-5884
< 2.1.45
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedi
5.9 MEDIUM
CVE-2018-9110
< 2.1.37
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can
9.1 CRITICAL
CVE-2018-9109
< 2.1.36
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can
9.1 CRITICAL
CVE-2013-1972
all versions
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-
threatengine.sh