eLfinder vulnerable to RCE due to lack of file extension restriction
CVE-2023-52044

9.8CRITICAL

Key Information:

Vendor: Studio-42
Status: Elfinder
Vendor: CVE Published:; 31 October 2024

What is CVE-2023-52044?

The Studio-42 eLfinder version 2.1.62 is exposed to a significant security risk due to its inability to validate file uploads, specifically allowing files with the .php8 extension. This flaw permits attackers to upload malicious scripts, thereby executing arbitrary code on the affected system. Organizations using this version of eLfinder should address this vulnerability urgently to mitigate the risk of unauthorized access and data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/Studio-42/elFinder/issues/3615

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2024
Vulnerability Reserved
Dec 26, 2023

JSON

Studio-42

What is CVE-2023-52044?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.