Known Vulnerabilities for products from Elfinder Project
Listed below are 4 of the newest known vulnerabilities associated with the vendor "Elfinder Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34414 json | Not Provided | 2026-04-22 | 2026-04-24 | |
| CVE-2026-34413 json | Not Provided | 2026-04-22 | 2026-04-24 | |
| CVE-2019-6257 json | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the conte... | 7.7 - HIGH | 2019-01-14 | 2021-09-09 |
| CVE-2019-5884 json | php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_b... | 5.9 - MEDIUM | 2019-01-10 | 2021-09-09 |
| CVE-2018-9110 json | Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that... | 9.1 - CRITICAL | 2018-03-28 | 2021-09-09 |
| CVE-2018-9109 json | Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that... | 9.1 - CRITICAL | 2018-03-28 | 2021-09-09 |