Known Vulnerabilities for products from Std42
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Std42".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41247 | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a ... | Not Provided | 2026-04-23 | 2026-04-28 |
| CVE-2023-35840 | _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDr... | 6.5 - MEDIUM | 2023-06-19 | 2023-06-26 |
| CVE-2022-27115 | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file up... | 9.8 - CRITICAL | 2022-04-11 | 2022-04-15 |
| CVE-2022-26960 | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote atta... | 9.1 - CRITICAL | 2022-03-21 | 2022-06-30 |
| CVE-2021-45919 | Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | 5.4 - MEDIUM | 2022-02-08 | 2022-02-11 |
| CVE-2021-43421 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-04-07 | 2022-04-13 |
| CVE-2021-32682 | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFind... | 9.8 - CRITICAL | 2021-06-14 | 2022-11-09 |
| CVE-2021-23394 | The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .ph... | 9.8 - CRITICAL | 2021-06-13 | 2022-11-09 |
| CVE-2019-9194 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | 9.8 - CRITICAL | 2019-02-26 | 2020-08-24 |
| CVE-2019-6257 | A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the conte... | 7.7 - HIGH | 2019-01-14 | 2021-09-09 |
| CVE-2019-5884 | php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_b... | 5.9 - MEDIUM | 2019-01-10 | 2021-09-09 |
| CVE-2018-9110 | Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that... | 9.1 - CRITICAL | 2018-03-28 | 2021-09-09 |
| CVE-2018-9109 | Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that... | 9.1 - CRITICAL | 2018-03-28 | 2021-09-09 |
Known software with vulnerabilities from Std42
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Std42 | Elfinder | 1.0.1 |