Elfinder · Elfinder · CVE-2022-26960
**Name of the Vulnerable Software and Affected Versions**
elFinder versions 2.1.60 and earlier
**Description**
The issue allows unauthenticated remote attackers to read, write, and browse files outside the configured document root due to improper handling of absolute file paths in the `connector.minimal.php` file. This enables attackers to access sensitive information and potentially cause damage by modifying files.
**Recommendations**
Update to a version later than 2.1.60 to resolve the issue. As a temporary workaround, restrict access to the `connector.minimal.php` file to reduce the risk of exploitation.
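One way to check that the workaround is actually in force is to audit the web server access log for requests to `connector.minimal.php` from clients outside the permitted range. The following is an added example, not code from elFinder or from this advisory; it assumes a combined-format access log, and the allowlisted network, URL layout and sample log lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: placeholder admin range; replace with the networks you permit.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
CONNECTOR = "connector.minimal.php"

# Combined log format: client, ident, user, [time], "METHOD target proto", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_allowed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client field: treat as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def audit(lines):
    """Return connector requests made by non-allowlisted clients.

    Each finding is (ip, method, status, served). served=True means the
    server answered below 400, so the access restriction did not apply.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string and decode %-escapes before matching the name.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if not path.endswith("/" + CONNECTOR) or is_allowed(m["ip"]):
            continue
        status = int(m["status"])
        findings.append((m["ip"], m["method"], status, status < 400))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2022:10:00:00 +0000] "GET /elfinder/php/connector.minimal.php?cmd=open HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [01/Mar/2022:10:01:00 +0000] "GET /elfinder/php/connector.minimal.php?cmd=open HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [01/Mar/2022:10:02:00 +0000] "POST /elfinder/php/connector%2Eminimal.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.4 - - [01/Mar/2022:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for ip, method, status, served in audit(SAMPLE):
        print(f"{'SERVED' if served else 'blocked'} {ip} {method} {status}")
```

Any finding marked as served means the connector is still reachable from outside the allowlist and the restriction should be rechecked.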