CVE-2023-52044

Name of the Vulnerable Software and Affected Versions Studio-42 eLfinder versions 2.1.62 and prior

Description The issue is related to Remote Code Execution (RCE) due to the lack of restriction for uploading files with the .php8 extension. This allows users to upload malicious files, potentially leading to RCE. The estimated number of affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Studio-42 eLfinder versions 2.1.62 and prior, update to the latest version to mitigate risks. As a temporary workaround, consider restricting the upload of files with the .php8 extension to minimize the risk of exploitation.