CVE-2021-23394

Summary

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

Affected Software

VendorProductVersion RangeStatus
n/astudio-42/elfinderunspecified < 2.1.58affected

Weaknesses

  • Remote Code Execution (RCE)

ADP Enrichment

CVE Program Container

Additional References

References