CVE-2021-23407

Summary

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.

Affected Software

VendorProductVersion RangeStatus
n/aelFinder.Net.Core0 < unspecifiedaffected
n/aelFinder.Net.Coreunspecified < 1.2.4affected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References