Studio 42 elFinder vulnerable to Incorrect Access Control

High severity GitHub Reviewed Published Jul 30, 2024 to the GitHub Advisory Database • Updated Aug 9, 2024

Package

studio-42/elfinder (Composer)

Affected versions

<= 2.1.64

Patched versions

None

Description

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

References

Published by the National Vulnerability Database Jul 30, 2024
Published to the GitHub Advisory Database Jul 30, 2024
Reviewed Jul 30, 2024
Last updated Aug 9, 2024

Severity

High

EPSS score

0.043% (10th percentile)

Weaknesses

CVE ID

CVE-2024-38909

GHSA ID

GHSA-3h9f-mm2x-4j58

Source code
