GHSA-7q88-jxvp-9gp2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7q88-jxvp-9gp2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7q88-jxvp-9gp2/GHSA-7q88-jxvp-9gp2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7q88-jxvp-9gp2
- Aliases
- Published
- 2022-03-22T00:00:41Z
- Modified
- 2024-02-16T07:57:42.381711Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Path Traversal in Studio-42 elFinder through 2.1.60
- Details
-
connector.minimal.phpin std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. - Database specific
{ "nvd_published_at": "2022-03-21T17:15:00Z", "cwe_ids": [ "CWE-22" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-07-07T19:15:57Z" }- References
Affected packages
Packagist / studio-42/elfinder
Package
- Name
- studio-42/elfinder
- Purl
- pkg:composer/studio-42/elfinder
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.61
Affected versions
2.*
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.40
2.1.41
2.1.42
2.1.43
2.1.44
2.1.45
2.1.46
2.1.47
2.1.48
2.1.49
2.1.50
2.1.51
2.1.52
2.1.53
2.1.54
2.1.55
2.1.56
2.1.57
2.1.58
2.1.59
2.1.60