CVE-2019-6257

Name of the Vulnerable Software and Affected Versions elFinder versions prior to 2.1.49

Description A Server Side Request Forgery (SSRF) issue allows a malicious user to access the content of internal network resources. This occurs in the get remote contents() function in php/elFinder.class.php.

Recommendations For elFinder versions prior to 2.1.49, update to version 2.1.49 or later to resolve the issue. As a temporary workaround, consider disabling the get remote contents() function until a patch is available. Restrict access to internal network resources to minimize the risk of exploitation.