CVE-2022-26960
published 2022-03-21


Priority: P1 81 · Severity: critical · CVSS 3.1 base score: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Exploit: known · EPSS: 50.99% (98.8th percentile)
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

Affected (2 ranges)

Vendor      Product    Version range      Fixed in
std42       elfinder   < 2.1.61           2.1.61
studio-42   elfinder   >= 0 < 2.1.61      2.1.61

Detection & IOCs (extracted from sources)

path: /var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd
filename: connector.minimal.php
  • Look for path traversal sequences (/../) targeting files outside the document root via connector.minimal.php in elFinder installations, particularly requests containing sequences like //..//..//../ combined with a 'download=1' parameter.
  • Unauthenticated requests to connector.minimal.php with path traversal sequences should be flagged; no authentication is required for exploitation.
  • Monitor HTTP responses from elFinder endpoints for /etc/passwd content (matching root:.*:0:0:) as an indicator of successful exploitation.
  • The path traversal exploit path assumes elFinder is installed at /var/www/html/elfinder/files/; the actual traversal depth and base path may vary depending on server configuration.
  • The vulnerability is due to improper handling of absolute file paths, meaning detection rules should account for both relative traversal sequences and absolute path injection attempts.
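As an added example (not from this CVE record or from the elFinder project), the request-side and response-side checks listed above applied in Python: requests to connector.minimal.php are normalised (URL-decoded twice, doubled slashes collapsed) and flagged for either relative traversal or an absolute path in any parameter, with download=1 noted as a secondary signal, and a separate check matches /etc/passwd content in a response body. The access-log lines, the Common Log Format parsing, and the parameter names are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Mar/2022:10:00:01 +0000] "GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_Lw&download=1 HTTP/1.1" 200 512
203.0.113.7 - - [21/Mar/2022:10:00:02 +0000] "GET /elfinder/php/connector.minimal.php?cmd=file&target=/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd&download=1 HTTP/1.1" 200 2034
203.0.113.9 - - [21/Mar/2022:10:00:03 +0000] "GET /elfinder/php/connector.minimal.php?cmd=file&target=%2Fetc%2Fpasswd&download=1 HTTP/1.1" 200 1801
198.51.100.2 - - [21/Mar/2022:10:00:04 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 120
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')      # a "/../" step after normalisation
PASSWD_RE = re.compile(r'^root:.*:0:0:', re.M)    # response-side indicator from the record

def normalise(value):
    # Decode twice to catch double-encoded %252e, unify separators, collapse "//" runs
    # so that "files//..//..//" is seen as "files/../../".
    decoded = unquote(unquote(value)).replace('\\', '/')
    return re.sub(r'/{2,}', '/', decoded)

def classify_request(uri):
    """Reasons a connector.minimal.php request looks like CVE-2022-26960 abuse ([] if none)."""
    parts = urlsplit(uri)
    if not parts.path.endswith('connector.minimal.php'):
        return []
    reasons = []
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in params.items():
        for value in values:
            norm = normalise(value)
            if TRAVERSAL_RE.search(norm):
                reasons.append(f'traversal in {key}')
            if norm.startswith('/'):          # absolute path injection, the root cause here
                reasons.append(f'absolute path in {key}')
    if reasons and params.get('download') == ['1']:
        reasons.append('download=1')
    return reasons

def scan_log(text):
    """Return (client ip, uri, reasons) for every suspicious request in an access log."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and (reasons := classify_request(m['uri'])):
            hits.append((m['ip'], m['uri'], reasons))
    return hits

def response_leaks_passwd(body):
    """Second-stage check on a captured response body: does it look like /etc/passwd?"""
    return bool(PASSWD_RE.search(body))
```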

CVSS provenance

NVD   CVSS v3.1   9.1   CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
NVD   CVSS v2.0   5.8   MEDIUM     AV:N/AC:M/Au:N/C:P/I:P/A:N