Описание
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.
Ссылки
- https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73PatchThird Party Advisory
- Third Party Advisory
- ExploitPatchThird Party Advisory
- https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73PatchThird Party Advisory
- Third Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.4 (исключая)
cpe:2.3:a:elfinder.net.core_project:elfinder.net.core:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00532
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 67%
0.00532
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22