QwikSec

Security Database

CVE

CWE

Training

CVE-2022-26960

Published: Mar 21, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.synacktiv.com/publications.html

x_refsource_MISC

https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db

x_refsource_MISC

https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.