Headline
GHSA-wm5g-p99q-66g4: Path Traversal vulnerability in PHP LocalVolumeDriver connector
Impact
Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system.
Patches
This vulnerability has been fixed in elFinder 2.1.62. Installation managers should update to the latest version as soon as possible.
Workarounds
If you cannot update for some reason, you must stop using it or prohibit writing to untrusted users.
References
Awaiting CVE ID.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-wm5g-p99q-66g4
Path Traversal vulnerability in PHP LocalVolumeDriver connector
High severity GitHub Reviewed Published Jun 13, 2023 in Studio-42/elFinder • Updated Jun 14, 2023
Package
composer studio-42/elfinder (Composer)
Affected versions
< 2.1.62
Impact
Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system.
Patches
This vulnerability has been fixed in elFinder 2.1.62. Installation managers should update to the latest version as soon as possible.
Workarounds
If you cannot update for some reason, you must stop using it or prohibit writing to untrusted users.
References
Awaiting CVE ID.
References
- GHSA-wm5g-p99q-66g4
- Studio-42/elFinder@bb9aaa7
Published to the GitHub Advisory Database
Jun 14, 2023
Last updated
Jun 14, 2023