Skip to main content

CVE-2022-26960

Description

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

NVD
Severity: CRITICAL
CVE ID: CVE-2022-26960
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2022-26960
Last updated on by Vulnerability_bot_v1.3.9