CVE-2018-9110
Published 2018-03-28
Priority P352 · critical · 9.1 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 2.90% (85.2th percentile)
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| std42 | elfinder | < 2.1.37 | 2.1.37 |
| studio-42 | elfinder | >= 2.1.12 < 2.1.37 | 2.1.37 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | | 9.1 | CRITICAL | |
| osv | | 9.1 | CRITICAL | |
OSV
Directory Traversal in Studio 42 elFinder
osv · 2022-05-13 · CVSS 9.1 · CVE-2018-9110 [CRITICAL]
GHSA
Directory Traversal in Studio 42 elFinder
ghsa · 2022-05-13 · CVSS 9.1 · CVE-2018-9110 [CRITICAL] · CWE-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/Studio-42/elFinder/commit/e6351557b86cc10a7651253d2d2aff7f6b918f8e
https://github.com/Studio-42/elFinder/releases/tag/2.1.37
https://github.com/Studio-42/elFinder/wiki/Advisory-about-vulnerability-of-CVE-2018-9109-and-CVE-2018-9110