GHSA-4223-qj94-7x9p

Source

https://github.com/advisories/GHSA-4223-qj94-7x9p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4223-qj94-7x9p/GHSA-4223-qj94-7x9p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4223-qj94-7x9p

Aliases

CVE-2019-9194

Published

2022-05-13T01:23:02Z

Modified

2024-02-16T08:19:38.421012Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

elFinder command injection vulnerability in the PHP connector

Details

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

Database specific

{
    "nvd_published_at": "2019-02-26T19:29:00Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-10T19:05:33Z"
}

References

Affected packages

Packagist / studio-42/elfinder

Package

Name: studio-42/elfinder
Purl: pkg:composer/studio-42/elfinder

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.48

Affected versions

2.*

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.1.20

2.1.21

2.1.22

2.1.23

2.1.24

2.1.25

2.1.26

2.1.27

2.1.28

2.1.29

2.1.30

2.1.31

2.1.32

2.1.33

2.1.34

2.1.35

2.1.36

2.1.37

2.1.38

2.1.39

2.1.40

2.1.41

2.1.42

2.1.43

2.1.44

2.1.45

2.1.46

2.1.47