pkg:Packagist/studio-42/elfinder

15 total CVEsCRITICAL9HIGH4MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-41247elFinder: Command injection in resize background color parameter when using ImageMagick CLI
    from 0, < 2.1.67
  • CRITICAL9.8CVE-2024-38909Studio 42 elFinder vulnerable to Incorrect Access Control
    from 0, <= 2.1.64
  • CRITICAL9.8CVE-2019-9194elFinder command injection vulnerability in the PHP connector
    from 0, < 2.1.48
  • CRITICAL9.8CVE-2022-27115RCE in Studio-42 elFinder on Windows before 2.1.61
    from 0, < 2.1.61
  • CRITICAL9.8CVE-2021-43421elFinder Unrestricted File Upload vulnerability
    >= 2.0.4, < 2.1.60
  • CRITICAL9.8CVE-2021-32682elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
    from 0, < 2.1.59
  • CRITICAL9.1CVE-2018-9110Directory Traversal in Studio 42 elFinder
    >= 2.1.12, < 2.1.37
  • CRITICAL9.1CVE-2018-9109elFinder Path Traversal vulnerability
    from 0, < 2.1.36
  • CRITICAL9.1CVE-2022-26960Path Traversal in Studio-42 elFinder through 2.1.60
    from 0, < 2.1.61
  • HIGH8.8CVE-2026-44521elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL)
    from 0, < 2.1.68
  • HIGH8.1CVE-2021-23394elFinder unsafe upload filtering leading to remote code execution
    from 0, < 2.1.58
  • HIGH7.7CVE-2019-6257elFinder Server Side Request Forgery (SSRF)
    from 0, < 2.1.49
  • HIGH7.5CVE-2023-35840elFinder vulnerable to path traversal in LocalVolumeDriver connector
    from 0, < 2.1.62
  • MEDIUM5.9CVE-2019-5884Sensitive Data Exposure in elFinder
    from 0, < 2.1.45
  • MEDIUM5.4CVE-2021-45919Studio 42 elFinder allows stored XSS
    from 0, <= 2.1.31