📦 Elfinder

CVE-2024-38909 is an incorrect access control vulnerability in elFinder 2.1.64 that allows attackers to copy files with unauthorized extensions between server directories. This can lead to exposure of...

CVE-2022-27115 is a remote code execution vulnerability in elFinder file manager that allows attackers to bypass file upload restrictions by manipulating file names. This affects all systems running v...

This vulnerability allows remote attackers to upload arbitrary files including PHP scripts to elFinder web file managers, potentially leading to remote code execution. It affects all systems running e...

CVE-2022-26960 is a path traversal vulnerability in elFinder's connector.minimal.php that allows unauthenticated attackers to read, write, and browse files outside the configured document root. This a...

This vulnerability allows remote attackers to execute arbitrary PHP code on servers running vulnerable versions of elFinder file manager. Attackers can upload malicious .phar files that get executed a...

This vulnerability allows attackers to bypass filename restrictions in Studio-42 eLfinder 2.1.62, enabling persistent cross-site scripting (XSS) attacks. Attackers can inject malicious scripts into up...