Ph33R

**Name of the Vulnerable Software and Affected Versions** Studio-42 elFinder versions 2.0.4 through 2.1.59 **Description** A File Upload issue exists via the `connector.minimal.php` file, allowing a remote malicious user to upload arbitrary files and execute PHP code. **Recommendations** For versions 2.0.4 through 2.1.59, consider disabling the `connector.minimal.php` file as a temporary workaround to prevent exploitation. Restrict access to this file to minimize the risk of uploading and executing malicious PHP code. At the moment, there is no information about a newer version that contains a fix for this issue.