CVE-2021-23415

Summary

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.

Affected Software

VendorProductVersion RangeStatus
n/aelFinder.AspNetunspecified < 1.1.1affected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References