{"url":"http://public2.vulnerablecode.io/api/packages/506561?format=json","purl":"pkg:composer/studio-42/elfinder@2.1.51","type":"composer","namespace":"studio-42","name":"elfinder","version":"2.1.51","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.62","latest_non_vulnerable_version":"2.1.68","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208573?format=json","vulnerability_id":"VCID-5vpw-j3w8-gbce","summary":"Path Traversal in Studio-42 elFinder through 2.1.60","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26960","reference_id":"","reference_type":"","scores":[{"value":"0.84151","scoring_system":"epss","scoring_elements":"0.99328","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26960"},{"reference_url":"https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db"},{"reference_url":"https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html"},{"reference_url":"https://www.synacktiv.com/publications.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.synacktiv.com/publications.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26960","reference_id":"CVE-2022-26960","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26960"},{"reference_url":"https://github.com/advisories/GHSA-7q88-jxvp-9gp2","reference_id":"GHSA-7q88-jxvp-9gp2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7q88-jxvp-9gp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19816?format=json","purl":"pkg:composer/studio-42/elfinder@2.1.61","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7akg-fv5t-6bbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.61"}],"aliases":["CVE-2022-26960","GHSA-7q88-jxvp-9gp2"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vpw-j3w8-gbce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137969?format=json","vulnerability_id":"VCID-7akg-fv5t-6bbf","summary":"_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35840","reference_id":"","reference_type":"","scores":[{"value":"0.06261","scoring_system":"epss","scoring_elements":"0.91116","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35840"},{"reference_url":"https://github.com/Studio-42/elFinder/commit/bb9aaa7b096a1b83f2f85657c43f12131ece2891","reference_id":"bb9aaa7b096a1b83f2f85657c43f12131ece2891","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/"}],"url":"https://github.com/Studio-42/elFinder/commit/bb9aaa7b096a1b83f2f85657c43f12131ece2891"},{"reference_url":"https://github.com/afine-com/CVE-2023-35840","reference_id":"CVE-2023-35840","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/"}],"url":"https://github.com/afine-com/CVE-2023-35840"},{"reference_url":"https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840","reference_id":"CVE-2023-35840","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/"}],"url":"https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840"},{"reference_url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4","reference_id":"GHSA-wm5g-p99q-66g4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/"}],"url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381851?format=json","purl":"pkg:composer/studio-42/elfinder@2.1.62","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.62"}],"aliases":["CVE-2023-35840","GHSA-wm5g-p99q-66g4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7akg-fv5t-6bbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/339996?format=json","vulnerability_id":"VCID-fxyn-sh8a-1uh9","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32682","reference_id":"","reference_type":"","scores":[{"value":"0.92768","scoring_system":"epss","scoring_elements":"0.9977","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32682"},{"reference_url":"https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities"},{"reference_url":"https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17"},{"reference_url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr"},{"reference_url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32682","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383424?format=json","purl":"pkg:composer/studio-42/elfinder@2.1.59","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vpw-j3w8-gbce"},{"vulnerability":"VCID-7akg-fv5t-6bbf"},{"vulnerability":"VCID-r4ng-v49y-cyed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.59"}],"aliases":["CVE-2021-32682","GHSA-wph3-44rj-92pr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxyn-sh8a-1uh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208732?format=json","vulnerability_id":"VCID-r4ng-v49y-cyed","summary":"elFinder Unrestricted File Upload vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43421","reference_id":"","reference_type":"","scores":[{"value":"0.79545","scoring_system":"epss","scoring_elements":"0.99108","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43421"},{"reference_url":"https://github.com/Studio-42/elFinder/commit/c08bcbfa722d758d01975799b7036951eb5d33cb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/commit/c08bcbfa722d758d01975799b7036951eb5d33cb"},{"reference_url":"https://github.com/Studio-42/elFinder/issues/3429","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/issues/3429"},{"reference_url":"https://twitter.com/infosec_90/status/1455180286354919425","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/infosec_90/status/1455180286354919425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43421","reference_id":"CVE-2021-43421","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43421"},{"reference_url":"https://github.com/advisories/GHSA-x4jx-hjwf-gc99","reference_id":"GHSA-x4jx-hjwf-gc99","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4jx-hjwf-gc99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19815?format=json","purl":"pkg:composer/studio-42/elfinder@2.1.60","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vpw-j3w8-gbce"},{"vulnerability":"VCID-7akg-fv5t-6bbf"},{"vulnerability":"VCID-yhuc-579d-s3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.60"}],"aliases":["CVE-2021-43421","GHSA-x4jx-hjwf-gc99"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4ng-v49y-cyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/335430?format=json","vulnerability_id":"VCID-ra5c-p87r-gqe9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23394","reference_id":"","reference_type":"","scores":[{"value":"0.76848","scoring_system":"epss","scoring_elements":"0.98977","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23394"},{"reference_url":"https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities"},{"reference_url":"https://github.com/Studio-42/elFinder/commit/75ea92decc16a5daf7f618f85dc621d1b534b5e1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/commit/75ea92decc16a5daf7f618f85dc621d1b534b5e1"},{"reference_url":"https://github.com/Studio-42/elFinder/issues/3295","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/issues/3295"},{"reference_url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23394","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23394"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-STUDIO42ELFINDER-1290554","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-STUDIO42ELFINDER-1290554"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383260?format=json","purl":"pkg:composer/studio-42/elfinder@2.1.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vpw-j3w8-gbce"},{"vulnerability":"VCID-7akg-fv5t-6bbf"},{"vulnerability":"VCID-fxyn-sh8a-1uh9"},{"vulnerability":"VCID-r4ng-v49y-cyed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.58"}],"aliases":["CVE-2021-23394","GHSA-qm58-cvvm-c5qr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ra5c-p87r-gqe9"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.51"}