elFinder <=2.1.60 - Local File Inclusion CVE-2022-26960

Severity
CVSSv3 Score: 9.1
Vulnerability description

elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

Risk description

A remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Recommendation

Upgrade elFinder to version 2.1.61 or later to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Mar 21, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available