Ravindra Rajaram

#11402of 53,633
24.1Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2019-17842
5.9
2019-01-10
Studio 42 · Elfinder · CVE-2019-5884
**Name of the Vulnerable Software and Affected Versions** elFinder versions prior to 2.1.45 **Description** The issue is related to information leakage in the `php/elFinder.class.php` file of elFinder. This occurs when PHP's curl extension is enabled and either `safe mode` or `open basedir` is not set. **Recommendations** For versions prior to 2.1.45, update to version 2.1.45 or later to resolve the issue. As a temporary workaround, consider disabling PHP's curl extension or setting `safe mode` or `open basedir` to restrict the vulnerability until a patch is applied.
PT-2018-18858
9.1
2018-03-28
Studio 42 · Elfinder · CVE-2018-9109
**Name of the Vulnerable Software and Affected Versions** Studio 42 elFinder versions prior to 2.1.36 Studio 42 elFinder version 2.1.36 **Description** The issue is a directory traversal vulnerability in `elFinder.class.php` with the `zipdl()` function. This vulnerability can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. **Recommendations** For versions prior to 2.1.36, update to version 2.1.36 or later to resolve the issue. For version 2.1.36, update to version 2.1.37 or later to resolve the issue. As a temporary workaround, consider disabling the `zipdl()` function in `elFinder.class.php` until a patch is available.
PT-2018-18859
9.1
2018-03-28
Studio 42 · Elfinder · CVE-2018-9110
**Name of the Vulnerable Software and Affected Versions** Studio 42 elFinder versions prior to 2.1.37 **Description** The issue is related to a directory traversal vulnerability in the `elFinder.class.php` file, specifically with the `zipdl()` function. This vulnerability can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. **Recommendations** For versions prior to 2.1.37, update to version 2.1.37 or later to resolve the issue. As a temporary workaround, consider disabling the `zipdl()` function in `elFinder.class.php` to minimize the risk of exploitation. Restrict access to sensitive files and directories to prevent unauthorized access.