PT-2022-18143 · Elfinder

Gaetan Ferry · Published 2022-03-21 · Updated 2022-06-30

CVE-2022-26960

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: elFinder versions 2.1.60 and earlier

Description: The issue allows unauthenticated remote attackers to read, write, and browse files outside the configured document root, because the connector.minimal.php file does not properly handle absolute file paths. This lets attackers access sensitive information and potentially cause damage by modifying files.

Recommendations: For versions 2.1.60 and earlier, update to a version later than 2.1.60 to resolve the issue. As a temporary workaround, consider restricting access to the connector.minimal.php file to minimize the risk of exploitation.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2022-26960
GHSA-7Q88-JXVP-9GP2

Affected Products

Elfinder