Arbitrary Extraction Vulnerability in elFinder.NetCore's ExtractAsync Function
CVE-2021-23427 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.
Learn more about our Web Application Penetration Testing UK.