elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
References
Link | Resource |
---|---|
https://github.com/Studio-42/elFinder/releases/tag/2.1.48 | Release Notes Third Party Advisory |
https://github.com/Studio-42/elFinder/compare/6884c4f...0740028 | Patch Third Party Advisory |
https://github.com/Studio-42/elFinder/blob/master/README.md | Third Party Advisory Product |
https://www.exploit-db.com/exploits/46481/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/46539/ | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2019-02-26 11:29
Updated : 2020-08-24 10:37
NVD link : CVE-2019-9194
Mitre link : CVE-2019-9194
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
std42
- elfinder