Enhancement: cves/2022/CVE-2022-26960.yaml by mp
parent
e3a731cc54
commit
b2ee4864e2
|
@ -1,16 +1,16 @@
|
||||||
id: CVE-2022-26960
|
id: CVE-2022-26960
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: elFinder - Path Traversal
|
name: elFinder <=2.1.60 - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
|
elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
|
||||||
reference:
|
reference:
|
||||||
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
|
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-26960
|
|
||||||
- https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db
|
- https://github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db
|
||||||
- https://www.synacktiv.com/publications.html
|
- https://www.synacktiv.com/publications.html
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-26960
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||||
cvss-score: 9.1
|
cvss-score: 9.1
|
||||||
|
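Review bot: The rename on the name line from "Path Traversal" to "Local File Inclusion" does not match the description kept directly below it, which still says attackers can "read, write, and browse files outside the configured document root" because of "improper handling of absolute file paths". That describes a path traversal with write impact (the unchanged vector carries I:H), not inclusion of a local file. I would keep the original class and add only the version bound, for example "name: elFinder <=2.1.60 - Path Traversal", with "path traversal via connector.minimal.php" in the description. The new description also drops the "std42" vendor prefix; keep it if the template is meant to be searchable by vendor. Moving the NVD link to the end of the reference list is fine.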
@ -36,3 +36,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/07/05
|
||||||
|
|
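Review bot: The trailing comment "# Enhanced by mp on 2022/07/05" added at the end of the file repeats the author and date that the commit itself already records. I would drop it, along with the blank line added above it, so the template body does not accumulate edit stamps that drift from the history.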