CVE-2022-26960
Published
CVSS v3
9.1
CRITICAL
CVSS v2
5.8
MEDIUM
Affected
1
PROJECT
Description
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
📁 Open-source file manager for web, written in JavaScript using jQuery and jQuery UI
GitHub