Studio 42 · Elfinder · CVE-2019-5884
**Name of the Vulnerable Software and Affected Versions**
elFinder versions prior to 2.1.45
**Description**
The issue is related to information leakage in the `php/elFinder.class.php` file of elFinder. This occurs when PHP's curl extension is enabled and either `safe mode` or `open basedir` is not set.
**Recommendations**
For versions prior to 2.1.45, update to version 2.1.45 or later to resolve the issue. As a temporary workaround, consider disabling PHP's curl extension or setting `safe mode` or `open basedir` to restrict the vulnerability until a patch is applied.