High severity7.5NVD Advisory· Published Jul 14, 2021· Updated Jun 17, 2026
CVE-2021-23407
CVE-2021-23407
Description
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
elFinder.Net.CoreNuGet | < 1.2.4 | 1.2.4 |
Affected products
2- elFinder.Net.Core/elFinder.Net.Coredescription
Patches
Vulnerability mechanics
References
5- github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73nvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-mvvp-gwgc-5hrpghsaADVISORY
- github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-23407ghsaADVISORY
News mentions
0No linked articles in our index yet.