CVE-2018-9110

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:*

Information

Published : 2018-03-28 07:29

Updated : 2021-09-09 05:50


NVD link : CVE-2018-9110

Mitre link : CVE-2018-9110


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

std42

  • elfinder