eLfinder vulnerable to RCE due to lack of file extension restriction

CVE-2023-52044

Currently unrated

Key Information:

Vendor: Studio-42
Vendor: CVE Published:; 31 October 2024

Summary

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.

References

https://github.com/Studio-42/elFinder/issues/3615

Timeline

Vulnerability published
Oct 31, 2024
Vulnerability Reserved
Dec 26, 2023

Collectors

NVD DatabaseMitre Database

.