PT-2019-17842 · Studio 42 · Elfinder
Hamsalekha Madiraju +1 · Published 2019-01-10 · Updated 2022-05-13
CVE-2019-5884
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
elFinder versions prior to 2.1.45
Description
The issue is related to information leakage in the php/elFinder.class.php file of elFinder. This occurs when PHP's curl extension is enabled and either safe mode or open basedir is not set.
Recommendations
For versions prior to 2.1.45, update to version 2.1.45 or later to resolve the issue. As a temporary workaround, consider disabling PHP's curl extension or setting safe mode or open basedir to restrict the vulnerability until a patch is applied.
Fix
Information Disclosure
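A check for the conditions and workarounds listed under Description and Recommendations, as an added example (not part of the advisory and not elFinder code). The function name, the status labels and the operator-supplied version argument are assumptions of this example.

```php
<?php
// Added example, not elFinder code: reports the conditions this advisory names.
// CLI and web SAPIs can load different php.ini files, so run it with the
// configuration of the SAPI that actually serves elFinder.

const FIXED_VERSION = '2.1.45'; // first fixed release per the advisory

// Pure decision function (hypothetical name) so it can be tested with
// constructed inputs. The installed version is supplied by the operator;
// this script does not try to detect it.
function assess_elfinder_exposure(string $installedVersion, bool $curlLoaded,
                                  bool $safeMode, string $openBasedir): array
{
    $patched    = version_compare($installedVersion, FIXED_VERSION, '>=');
    $restricted = $safeMode || trim($openBasedir) !== '';

    if ($patched) {
        $status = 'patched';
    } elseif (!$curlLoaded || $restricted) {
        $status = 'workaround-only'; // temporary measure; still needs the update
    } else {
        $status = 'exposed';
    }
    return [
        'status'       => $status,
        'version'      => $installedVersion,
        'curl_loaded'  => $curlLoaded,
        'safe_mode'    => $safeMode,
        'open_basedir' => $openBasedir,
    ];
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    // safe_mode was removed in PHP 5.4; ini_get() returns false there.
    $safeMode = filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN);
    $result = assess_elfinder_exposure(
        $argv[1],
        extension_loaded('curl'),
        $safeMode,
        (string) ini_get('open_basedir')
    );
    echo json_encode($result, JSON_PRETTY_PRINT), PHP_EOL;
    exit($result['status'] === 'exposed' ? 1 : 0);
}
```

Pass the deployed elFinder version as the first argument; exit status 1 means the version is below 2.1.45 and none of the advisory's workarounds is in place.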
Affected Products
Elfinder