Lucene search
Veracode Vulnerability DatabaseVERACODE:6379HistoryMay 25, 2018 - 2:02 a.m.
Directory Traversal
2018-05-2502:02:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.004
Percentile
74.7%
studio-42/elfinder is vulnerable to directory traversals. The application does not properly validate the file parameter in the zipdl function of elFinder.class.php, allowing a malicious user to conduct a directory traversals attack, and may cause file deletion. This vulnerability exists due to an incomplete fix in CVE-2018-9109.
References
github.com/Studio-42/elFinder/commit/e6351557b86cc10a7651253d2d2aff7f6b918f8e
github.com/Studio-42/elFinder/releases/tag/2.1.37
github.com/Studio-42/elFinder/wiki/Advisory-about-vulnerability-of-CVE-2018-9109-and-CVE-2018-9110
www.sourceclear.com/vulnerability-database/security/directory-traversal/php/sid-6378/summary#query=6378
Related
osv
osv
elFinder Path Traversal vulnerability
2022-05-13 01:06:16
Directory Traversal in Studio 42 elFinder
2022-05-13 01:06:17
CVE-2018-9110
2018-03-28 14:29:00
cve
cve
CVE-2018-9110
2018-03-28 14:29:00
CVE-2018-9109
2018-03-28 06:29:00
nvd
nvd
CVE-2018-9110
2018-03-28 14:29:00
CVE-2018-9109
2018-03-28 06:29:00
prion
prion
Directory traversal
2018-03-28 14:29:00
Directory traversal
2018-03-28 06:29:00
cvelist
cvelist
CVE-2018-9110
2018-03-28 14:00:00
CVE-2018-9109
2018-03-28 06:00:00
github
github
Directory Traversal in Studio 42 elFinder
2022-05-13 01:06:17
elFinder Path Traversal vulnerability
2022-05-13 01:06:16
veracode
veracode
Directory Traversal
2018-05-25 01:34:12