Lucene search
GoogleOSV:GHSA-3QHM-QFJ3-4RRXHistoryMay 13, 2022 - 1:06 a.m.
elFinder Server Side Request Forgery (SSRF)
2022-05-1301:06:16
Google
osv.dev
3
elfinder
ssrf
vulnerability
access
network resources
get_remote_contents()
EPSS
0.001
Percentile
31.4%
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.49 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
References
github.com/FriendsOfPHP/security-advisories/blob/master/studio-42/elfinder/CVE-2019-6257.yaml
github.com/Studio-42/elFinder
github.com/Studio-42/elFinder/blob/2.1.49/Changelog
github.com/Studio-42/elFinder/commit/2f522db8f037a66ce9040ee0b216aa4a0359286c
github.com/Studio-42/elFinder/releases/tag/2.1.49
nvd.nist.gov/vuln/detail/CVE-2019-6257
Related
cvelist
cvelist
CVE-2019-6257
2019-01-14 07:00:00
prion
prion
Server side request forgery (ssrf)
2019-01-14 08:29:00
github
github
elFinder Server Side Request Forgery (SSRF)
2022-05-13 01:06:16
cve
cve
CVE-2019-6257
2019-01-14 08:29:00
friendsofphp
friendsofphp
Fixed being bypassable of CVE-2019-6257 SSRF.
2019-04-16 15:19:14
Fixed being bypassable of CVE-2019-6257 SSRF.
2019-04-16 15:19:14
openvas
openvas
elFinder < 2.1.46 SSRF Vulnerability
2019-01-15 00:00:00
osv
osv
CVE-2019-6257
2019-01-14 08:29:00
nvd
nvd
CVE-2019-6257
2019-01-14 08:29:00