PT-2019-17842 · Studio 42 · Elfinder

Hamsalekha Madiraju

Publicado

2019-01-10

Atualizado

2022-05-13

CVE-2019-5884

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions elFinder versions prior to 2.1.45

Description The issue is related to information leakage in the php/elFinder.class.php file of elFinder. This occurs when PHP's curl extension is enabled and either safe mode or open basedir is not set.

Recommendations For versions prior to 2.1.45, update to version 2.1.45 or later to resolve the issue. As a temporary workaround, consider disabling PHP's curl extension or setting safe mode or open basedir to restrict the vulnerability until a patch is applied.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2019-5884

GHSA-JCGC-VXQG-85XX

Produtos afetados

Elfinder

PT-2019-17842 · Studio 42 · Elfinder

CVE-2019-5884

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5