CVE-2021-23428

Summary

This affects all versions of package elFinder.NetCore. The Path.Combine(…) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

Affected Software

VendorProductVersion RangeStatus
n/aelFinder.NetCore0 < unspecifiedaffected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

References