CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-9194

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile10.69th
Published2019年2月26日
Last Modified2024年11月21日

Vulnerability Description

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

Affected Platforms (CPE)

📦
Std42

Elfinder

< 2.1.48

References & Advisories

🔗 https://github.com/Studio-42/elFinder/blob/master/README.md
🔗 https://github.com/Studio-42/elFinder/compare/6884c4f...0740028
🔗 https://github.com/Studio-42/elFinder/releases/tag/2.1.48
🔗 https://www.exploit-db.com/exploits/46481/
🔗 https://www.exploit-db.com/exploits/46539/
🔗 https://github.com/Studio-42/elFinder/blob/master/README.md
🔗 https://github.com/Studio-42/elFinder/compare/6884c4f...0740028
🔗 https://github.com/Studio-42/elFinder/releases/tag/2.1.48

関連する脆弱性情報

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2021-321729.8

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder ...

CVE-2021-326829.8

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2....

CVE-2021-446639.8

A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinde...