From b2ee4864e25379bc79bb9ef0e2d1025ecfdb7579 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Tue, 5 Jul 2022 13:21:14 -0400
Subject: [PATCH] Enhancement: cves/2022/CVE-2022-26960.yaml by mp

---
 cves/2022/CVE-2022-26960.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cves/2022/CVE-2022-26960.yaml b/cves/2022/CVE-2022-26960.yaml
index d415921b68..515e1e48d5 100644
--- a/cves/2022/CVE-2022-26960.yaml
+++ b/cves/2022/CVE-2022-26960.yaml
@@ -1,16 +1,16 @@
 id: CVE-2022-26960
 
 info:
-  name: elFinder - Path Traversal
+  name: elFinder <=2.1.60 - Local File Inclusion
   author: pikpikcu
   severity: critical
   description: |
-    Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
+    elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
   reference:
     - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
     - https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db
     - https://www.synacktiv.com/publications.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
     cvss-score: 9.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/07/05