Directory Traversal and File Deletion Vulnerability in Studio 42 elFinder

CVE-2018-9109 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in the zipdl() function of elFinder.class.php that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
