VYPR
Vendor

Studio 42

Products: 1
CVEs: 12
Across products: 12
Status: Private

Recent CVEs: 12

  • CVE-2025-0818 | Med | Aug 13, 2025
    risk 0.35 | cvss 6.5 | epss 0.01

    Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to…

  • CVE-2019-9194 | Feb 26, 2019
    risk 0.04 | cvss | epss 0.97

    elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

  • CVE-2021-32682 | Jun 14, 2021
    risk 0.02 | cvss | epss 0.70

    elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with…

  • CVE-2023-52044 | Oct 31, 2024
    risk 0.00 | cvss | epss 0.01

    Studio-42 elFinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.

  • CVE-2023-52045 | Oct 31, 2024
    risk 0.00 | cvss | epss 0.00

    Studio-42 elFinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.

  • CVE-2024-38909 | Jul 30, 2024
    risk 0.00 | cvss | epss 0.00

    Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

  • CVE-2022-27115 | Apr 11, 2022
    risk 0.00 | cvss | epss 0.29

    In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.

  • CVE-2021-43421 | Apr 7, 2022
    risk 0.00 | cvss | epss 0.43

    A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.

  • CVE-2021-45919 | Feb 8, 2022
    risk 0.00 | cvss | epss 0.01

    Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.

  • CVE-2019-6257 | Jan 14, 2019
    risk 0.00 | cvss | epss 0.01

    A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.

  • CVE-2019-5884 | Jan 10, 2019
    risk 0.00 | cvss | epss 0.01

    php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.

  • CVE-2013-1972 | Jun 24, 2013
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.