Arbitrary Extraction Vulnerability in elFinder.NetCore's ExtractAsync Function

Arbitrary Extraction Vulnerability in elFinder.NetCore's ExtractAsync Function

CVE-2021-23427 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.

Learn more about our Web Application Penetration Testing UK.