Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/526389?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/526389?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.53", "type": "composer", "namespace": "studio-42", "name": "elfinder", "version": "2.1.53", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.1.68", "latest_non_vulnerable_version": "2.1.68", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42865?format=api", "vulnerability_id": "VCID-5kng-h529-a7bk", "summary": "Unrestricted Upload of File with Dangerous Type\nA File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.79545", "scoring_system": "epss", "scoring_elements": "0.99107", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.79545", "scoring_system": "epss", "scoring_elements": "0.99109", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.79545", "scoring_system": "epss", "scoring_elements": "0.99108", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43421" }, { "reference_url": "https://github.com/Studio-42/elFinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder" }, { "reference_url": "https://github.com/Studio-42/elFinder/commit/c08bcbfa722d758d01975799b7036951eb5d33cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": 
"CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/commit/c08bcbfa722d758d01975799b7036951eb5d33cb" }, { "reference_url": "https://github.com/Studio-42/elFinder/issues/3429", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/issues/3429" }, { "reference_url": "https://twitter.com/infosec_90/status/1455180286354919425", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twitter.com/infosec_90/status/1455180286354919425" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43421", "reference_id": "CVE-2021-43421", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43421" }, { "reference_url": "https://github.com/advisories/GHSA-x4jx-hjwf-gc99", "reference_id": "GHSA-x4jx-hjwf-gc99", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4jx-hjwf-gc99" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61287?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.60", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6zhm-s111-cbdz" }, { "vulnerability": "VCID-gbgu-p94a-b3ft" }, { "vulnerability": 
"VCID-vcv5-fuhe-8qb9" }, { "vulnerability": "VCID-wqdj-98g6-cbf9" }, { "vulnerability": "VCID-zynq-4ev9-97f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.60" } ], "aliases": [ "CVE-2021-43421", "GHSA-x4jx-hjwf-gc99" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kng-h529-a7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42763?format=api", "vulnerability_id": "VCID-6zhm-s111-cbdz", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\n`connector.minimal.php` in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.84151", "scoring_system": "epss", "scoring_elements": "0.99324", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.84151", "scoring_system": "epss", "scoring_elements": "0.99327", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.84151", "scoring_system": "epss", "scoring_elements": "0.99326", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.84151", "scoring_system": "epss", "scoring_elements": "0.99325", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26960" }, { "reference_url": "https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db" }, { "reference_url": "https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html" }, { "reference_url": "https://www.synacktiv.com/publications.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.synacktiv.com/publications.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26960", "reference_id": "CVE-2022-26960", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26960" }, { "reference_url": "https://github.com/advisories/GHSA-7q88-jxvp-9gp2", "reference_id": "GHSA-7q88-jxvp-9gp2", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7q88-jxvp-9gp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61062?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.61", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbgu-p94a-b3ft" }, { "vulnerability": "VCID-wqdj-98g6-cbf9" }, { "vulnerability": "VCID-zynq-4ev9-97f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.61" } ], "aliases": [ "CVE-2022-26960", "GHSA-7q88-jxvp-9gp2" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zhm-s111-cbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54626?format=api", "vulnerability_id": "VCID-epsh-sfj8-4ycf", "summary": "Unrestricted Upload of File with Dangerous Type\nThe package studio-42/elfinder is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a `.phar` file. This only applies if the server parses `.phar` files as PHP.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76848", "scoring_system": "epss", "scoring_elements": "0.98975", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.76848", "scoring_system": "epss", "scoring_elements": "0.98976", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.76848", "scoring_system": "epss", "scoring_elements": "0.98974", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.76848", "scoring_system": "epss", "scoring_elements": "0.98973", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23394" }, { "reference_url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities" }, { "reference_url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/" }, { "reference_url": "https://github.com/Studio-42/elFinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder" }, { "reference_url": "https://github.com/Studio-42/elFinder/commit/75ea92decc16a5daf7f618f85dc621d1b534b5e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/commit/75ea92decc16a5daf7f618f85dc621d1b534b5e1" }, { "reference_url": "https://github.com/Studio-42/elFinder/issues/3295", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/issues/3295" }, { "reference_url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-STUDIO42ELFINDER-1290554", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://snyk.io/vuln/SNYK-PHP-STUDIO42ELFINDER-1290554" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23394", "reference_id": "CVE-2021-23394", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23394" }, { "reference_url": "https://github.com/advisories/GHSA-qm58-cvvm-c5qr", "reference_id": "GHSA-qm58-cvvm-c5qr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm58-cvvm-c5qr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81003?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.58", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kng-h529-a7bk" }, { "vulnerability": "VCID-6zhm-s111-cbdz" }, { "vulnerability": "VCID-gbgu-p94a-b3ft" }, { "vulnerability": "VCID-qjvv-jtgk-wfag" }, { "vulnerability": "VCID-wqdj-98g6-cbf9" }, { "vulnerability": "VCID-zynq-4ev9-97f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.58" } ], "aliases": [ "CVE-2021-23394", "GHSA-qm58-cvvm-c5qr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epsh-sfj8-4ycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55597?format=api", "vulnerability_id": "VCID-gbgu-p94a-b3ft", "summary": "Studio 42 elFinder vulnerable to Incorrect Access Control\nStudio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. 
Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.", "references": [ { "reference_url": "http://elfinder.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-30T19:10:09Z/" } ], "url": "http://elfinder.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49038", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49063", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49072", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49056", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49026", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38909" }, { "reference_url": "https://github.com/Studio-42/elFinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder" }, { "reference_url": "https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909", "reference_id": "CVE-2024-38909", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-30T19:10:09Z/" } ], "url": "https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38909", "reference_id": "CVE-2024-38909", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38909" }, { "reference_url": "https://github.com/advisories/GHSA-3h9f-mm2x-4j58", "reference_id": "GHSA-3h9f-mm2x-4j58", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3h9f-mm2x-4j58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/754688?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.65", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zynq-4ev9-97f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.65" } ], "aliases": [ "CVE-2024-38909", "GHSA-3h9f-mm2x-4j58" 
], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbgu-p94a-b3ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54627?format=api", "vulnerability_id": "VCID-qjvv-jtgk-wfag", "summary": "Path Traversal\nelFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in 2.1.59. As a workaround, ensure the connector is not exposed without authentication.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92768", "scoring_system": "epss", "scoring_elements": "0.99771", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.92768", "scoring_system": "epss", "scoring_elements": "0.9977", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.92768", "scoring_system": "epss", "scoring_elements": "0.99769", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32682" }, { "reference_url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities" }, { "reference_url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/" }, { "reference_url": "https://github.com/Studio-42/elFinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder" }, { "reference_url": "https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17" }, { "reference_url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr" }, { "reference_url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32682", "reference_id": "CVE-2021-32682", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32682" }, { "reference_url": "https://github.com/advisories/GHSA-wph3-44rj-92pr", "reference_id": "GHSA-wph3-44rj-92pr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wph3-44rj-92pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61286?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.59", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5kng-h529-a7bk" }, { "vulnerability": "VCID-6zhm-s111-cbdz" }, { "vulnerability": "VCID-gbgu-p94a-b3ft" }, { "vulnerability": "VCID-wqdj-98g6-cbf9" }, { "vulnerability": "VCID-zynq-4ev9-97f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.59" } ], "aliases": [ "CVE-2021-32682", "GHSA-wph3-44rj-92pr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjvv-jtgk-wfag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45439?format=api", "vulnerability_id": "VCID-wqdj-98g6-cbf9", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\n_joinPath 
in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06261", "scoring_system": "epss", "scoring_elements": "0.91087", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06261", "scoring_system": "epss", "scoring_elements": "0.91097", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.06261", "scoring_system": "epss", "scoring_elements": "0.91081", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.06261", "scoring_system": "epss", "scoring_elements": "0.91084", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06261", "scoring_system": "epss", "scoring_elements": "0.91086", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35840" }, { "reference_url": "https://github.com/Studio-42/elFinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder" }, { "reference_url": "https://github.com/Studio-42/elFinder/commit/bb9aaa7b096a1b83f2f85657c43f12131ece2891", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/" } ], "url": 
"https://github.com/Studio-42/elFinder/commit/bb9aaa7b096a1b83f2f85657c43f12131ece2891" }, { "reference_url": "https://github.com/afine-com/CVE-2023-35840", "reference_id": "CVE-2023-35840", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/" } ], "url": "https://github.com/afine-com/CVE-2023-35840" }, { "reference_url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840", "reference_id": "CVE-2023-35840", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/" } ], "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35840", "reference_id": "CVE-2023-35840", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35840" }, { "reference_url": "https://github.com/advisories/GHSA-wm5g-p99q-66g4", "reference_id": "GHSA-wm5g-p99q-66g4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm5g-p99q-66g4" }, { "reference_url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4", "reference_id": "GHSA-wm5g-p99q-66g4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T20:05:30Z/" } ], "url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65601?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.62", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbgu-p94a-b3ft" }, { "vulnerability": "VCID-zynq-4ev9-97f9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.62" } ], "aliases": [ "CVE-2023-35840", "GHSA-wm5g-p99q-66g4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqdj-98g6-cbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90089?format=api", "vulnerability_id": "VCID-zynq-4ev9-97f9", "summary": "elFinder: Command injection in resize background color parameter when using ImageMagick CLI\n### Severity\n**High** \n`bg` can be injected into shell command construction, leading to possible RCE in affected configurations.\n\n### Summary\n\nelFinder contains a command injection vulnerability in the `resize` command.\n\nThe `bg` (background color) parameter is accepted from user input and passed through image resize/rotate processing. In configurations that use the ImageMagick CLI backend, this value is incorporated into shell command strings without sufficient escaping. 
An attacker able to invoke the `resize` command with a crafted `bg` value may achieve arbitrary command execution as the web server process user.\n\nThis issue affects configurations where:\n- the `resize` command is enabled,\n- image processing uses the ImageMagick CLI backend, and\n- the vulnerable code paths are reachable.\n\n\n### Impact\n\nAn attacker may execute arbitrary OS commands with the privileges of the web server process.\n\nImpact depends on server configuration, enabled commands, backend image library selection, and surrounding deployment controls.\n\n\n### Affected versions\n\nAffected: all versions before 2.1.66\nPatched: 2.1.67\n\n\n### Details\n\nThe vulnerable flow is:\n\n1. The `resize` command accepts the `bg` parameter from the request.\n2. The parameter is passed into volume resize handling.\n3. In ImageMagick CLI code paths, the value is interpolated into shell command strings.\n4. Because the value is not safely constrained and escaped, shell metacharacters may be injected.\n\nThe issue was addressed by:\n- validating `bg` against a strict allowlist of supported color formats, and\n- safely escaping the value before it is passed into CLI command construction.\n\n\n### Workarounds\n\nPossible mitigations for users who cannot upgrade immediately:\n\n- disable the `resize` command if not required,\n- avoid using the ImageMagick CLI backend for image processing,\n- restrict access to trusted users only.\n\nUpgrading to the patched release is strongly recommended.\n\n\n### Credits\n\nThanks to Lin, WeiChi and Drew Webber for the responsible disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2608", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25976", "published_at": "2026-06-09T12:55:00Z" }, { 
"value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.25971", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26027", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26074", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41247" }, { "reference_url": "https://github.com/Studio-42/elFinder", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Studio-42/elFinder" }, { "reference_url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-8q4h-8crm-5cvc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-25T01:25:15Z/" } ], "url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-8q4h-8crm-5cvc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41247", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.9", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41247" }, { "reference_url": "https://github.com/advisories/GHSA-8q4h-8crm-5cvc", "reference_id": "GHSA-8q4h-8crm-5cvc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8q4h-8crm-5cvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111325?format=api", "purl": "pkg:composer/studio-42/elfinder@2.1.67", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nhdd-vr4p-3uas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.67" } ], "aliases": [ "CVE-2026-41247", "GHSA-8q4h-8crm-5cvc" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zynq-4ev9-97f9" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/studio-42/elfinder@2.1.53" }