Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-38909

July 30, 2024, 2:15 p.m.

Tags

cve@mitre.org
2024-07-30
CVE-2024-38909

Product(s) Impacted

Studio 42 elFinder

  • 2.1.64

Description

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

Weaknesses

Date

Published: July 30, 2024, 2:15 p.m.

Last Modified: July 30, 2024, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

http://elfinder.com/ cve@mitre.org
https://github.com/ cve@mitre.org