Nao-Pon

**Name of the Vulnerable Software and Affected Versions** elFinder versions 2.1.58 **Description** The issue is related to the incorrect implementation of the authentication mechanism in the elFinder file manager. This can allow a remote attacker to execute arbitrary code. Several vulnerabilities affect elFinder, allowing an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. **Recommendations** For elFinder version 2.1.58, update to version 2.1.59 to resolve the issue. As a temporary workaround for version 2.1.58, ensure the connector is not exposed without authentication.