exploitDog

CVE-2023-35840

Опубликовано: 19 июн. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

Ссылки

https://github.com/Studio-42/elFinder/commit/bb9aaa7b096a1b83f2f85657c43f12131ece2891
Patch
Vendor Advisory
https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4
Exploit
Vendor Advisory
https://github.com/afine-com/CVE-2023-35840
Exploit
Third Party Advisory
https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840
Exploit
Third Party Advisory
https://github.com/Studio-42/elFinder/commit/bb9aaa7b096a1b83f2f85657c43f12131ece2891
Patch
Vendor Advisory
https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4
Exploit
Vendor Advisory
https://github.com/afine-com/CVE-2023-35840
Exploit
Third Party Advisory
https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:*

Версия до 2.1.62 (исключая)

EPSS

Процентиль: 90%

0.05222

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-wm5g-p99q-66g4

CVSS3: 7.5

github

больше 2 лет назад

elFinder vulnerable to path traversal in LocalVolumeDriver connector

EPSS

Процентиль: 90%

0.05222

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

CWE-22