Timo Mueller

**Name of the Vulnerable Software and Affected Versions** elFinder.AspNet versions prior to 1.1.1 **Description** The issue arises from the improper sanitization of user-controlled file names before they are used to create file system paths. This lack of sanitization can lead to potential security issues. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider implementing additional sanitization measures for user-controlled file names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** elFinder.Net.Core versions 0 through 1.2.4 **Description** The issue arises from the improper sanitization of user-controlled file names before they are used to create file system paths. **Recommendations** For versions 0 through 1.2.4, update to version 1.2.4 or later to resolve the issue.