The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-06-13T11:05:11.816027Z
Updated: 2024-09-16T22:30:47.517Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23394
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-06-13T11:15:14.290
Modified: 2022-11-09T03:32:27.307
Link: CVE-2021-23394
Redhat
No data.