eLfinder vulnerable to RCE due to lack of file extension restriction
CVE-2023-52044

Currently unrated

Key Information:

Vendor

Studio-42

Status
Elfinder
Vendor
CVE Published:
31 October 2024

What is CVE-2023-52044?

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.

References

https://github.com/Studio-42/elFinder/issues/3615

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.