CVE-2019-6257

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-6257

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6257.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-6257

Aliases

GHSA-3qhm-qfj3-4rrx

Published

2019-01-14T08:29:00.473Z

Modified

2026-04-10T04:19:43.882527Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in getremotecontents() in php/elFinder.class.php.

References

Affected packages

Git / github.com/studio-42/elfinder

Affected ranges

Type

GIT

Repo

https://github.com/studio-42/elfinder

Events

Introduced

Fixed

67799d42e7ee0afd3ed13e95f935694a8b3820d1

Fixed

2f522db8f037a66ce9040ee0b216aa4a0359286c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.46"
        }
    ]
}

Affected versions

1.*

1.0.1

2.*

2.0-beta

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.1.2

2.1.20

2.1.21

2.1.22

2.1.23

2.1.24

2.1.25

2.1.26

2.1.27

2.1.28

2.1.29

2.1.3

2.1.30

2.1.31

2.1.32

2.1.33

2.1.34

2.1.35

2.1.36

2.1.37

2.1.38

2.1.39

2.1.4

2.1.40

2.1.41

2.1.42

2.1.43

2.1.44

2.1.45

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6257.json"