CVE-2021-23394
Published
CVSS v3
8.1
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
📁 Open-source file manager for web, written in JavaScript using jQuery and jQuery UI
GitHub