QwikSec

Security Database

CVE

CWE

Training

CVE-2018-9109

Published: Mar 28, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Studio-42/elFinder/commit/157f471d7e48f190f74e66eb5bc73360b5352fd3

x_refsource_CONFIRM

https://github.com/Studio-42/elFinder/wiki/Advisory-about-vulnerability-of-CVE-2018-9109-and-CVE-2018-9110

x_refsource_CONFIRM

https://github.com/Studio-42/elFinder/releases/tag/2.1.36

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2018-9109 - Security Vulnerability | QwikSec