Security Advisory

CVE-2022-26960

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-21 16:52:38

Last updated 2024-08-03 05:18:38

Assigner mitre

State PUBLISHED

Description

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

← Browse all CVEs View on cve.org ↗