Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-23394: Snyk Vulnerability Database | Snyk

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

CVE
#vulnerability#web#java#php#rce

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

  • Snyk ID SNYK-PHP-STUDIO42ELFINDER-1290554
  • published 13 Jun 2021
  • disclosed 9 May 2021
  • credit Ashok Chand

How to fix?

Upgrade studio-42/elfinder to version 2.1.58 or higher.

Overview

studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server is configured to parse .phar files as PHP.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907