Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-30T00:00:00
Updated: 2024-08-02T04:19:20.495Z
Reserved: 2024-06-21T00:00:00
Link: CVE-2024-38909
Vulnrichment
Updated: 2024-08-02T04:19:20.495Z
NVD
Status : Awaiting Analysis
Published: 2024-07-30T14:15:02.897
Modified: 2024-08-01T13:55:08.623
Link: CVE-2024-38909
Redhat
No data.