VYPR
High severityNVD Advisory· Published Jun 13, 2021· Updated Sep 16, 2024

Remote Code Execution (RCE)

CVE-2021-23394

Description

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
studio-42/elfinderPackagist
< 2.1.582.1.58

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.