EPSS
Percentile
99.4%
studio-42/elfinder is vulnerable to OS command injection. Improper processing of the image upload function in the PHP connector allows a remote attacker to inject and execute arbitrary OS commands on the host system.
packetstormsecurity.com/files/151960/elfinder2147-exec.txt