Path Traversal Vulnerability in std42 elFinder

Path Traversal Vulnerability in std42 elFinder

CVE-2022-26960 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

Learn more about our Web Application Penetration Testing UK.