Lucene search
GoogleOSV:GHSA-44P8-C3WV-F28RHistoryMay 13, 2022 - 1:06 a.m.
Directory Traversal in Studio 42 elFinder
2022-05-1301:06:17
Google
osv.dev
5
studio 42 elfinder
directory traversal
zipdl function
remote attacker
web server process
file download
file deletion
incomplete fix
cve-2018-9109
EPSS
0.004
Percentile
74.7%
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
Related
osv
osv
elFinder Path Traversal vulnerability
2022-05-13 01:06:16
CVE-2018-9110
2018-03-28 14:29:00
CVE-2018-9109
2018-03-28 06:29:00
nvd
nvd
CVE-2018-9110
2018-03-28 14:29:00
CVE-2018-9109
2018-03-28 06:29:00
cve
cve
CVE-2018-9110
2018-03-28 14:29:00
CVE-2018-9109
2018-03-28 06:29:00
prion
prion
Directory traversal
2018-03-28 14:29:00
Directory traversal
2018-03-28 06:29:00
cvelist
cvelist
CVE-2018-9110
2018-03-28 14:00:00
CVE-2018-9109
2018-03-28 06:00:00
veracode
veracode
Directory Traversal
2018-05-25 02:02:04
Directory Traversal
2018-05-25 01:34:12
github
github
Directory Traversal in Studio 42 elFinder
2022-05-13 01:06:17
elFinder Path Traversal vulnerability
2022-05-13 01:06:16