CVE-2018-9109

Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:*

Information

Published : 2018-03-27 23:29

Updated : 2021-09-09 05:51


NVD link : CVE-2018-9109

Mitre link : CVE-2018-9109


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

std42

  • elfinder