CVE-2018-9109
Published 2018-03-28
Priority: P352 · Severity: critical · CVSS 3.1 base score: 9.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 2.96% (85.5th percentile)
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| std42 | elfinder | < 2.1.37 | 2.1.37 |
| std42 | elfinder | < 2.1.36 | 2.1.36 |
| studio-42 | elfinder | >= 0 < 2.1.36 | 2.1.36 |
| studio-42 | elfinder | >= 2.1.12 < 2.1.37 | 2.1.37 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd (v2.0) | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | 9.1 | CRITICAL | |
| osv | 9.1 | CRITICAL | |
OSV · 2022-05-13 · CVSS 9.1
CVE-2018-9110 [CRITICAL]: Directory Traversal in Studio 42 elFinder
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in `elFinder.class.php` with the `zipdl()` function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
GHSA · 2022-05-13 · CVSS 9.1
CVE-2018-9110 [CRITICAL] CWE-22: Directory Traversal in Studio 42 elFinder
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in `elFinder.class.php` with the `zipdl()` function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
GHSA · 2022-05-13
CVE-2018-9109 [CRITICAL] CWE-22: elFinder Path Traversal vulnerability
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in `elFinder.class.php` with the `zipdl()` function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
OSV · 2022-05-13
CVE-2018-9109 [CRITICAL]: elFinder Path Traversal vulnerability
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in `elFinder.class.php` with the `zipdl()` function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/Studio-42/elFinder/commit/157f471d7e48f190f74e66eb5bc73360b5352fd3
- https://github.com/Studio-42/elFinder/releases/tag/2.1.36
- https://github.com/Studio-42/elFinder/wiki/Advisory-about-vulnerability-of-CVE-2018-9109-and-CVE-2018-9110