
Efwgrp Efw4.X vulnerabilities

4 known vulnerabilities affecting efwgrp/efw4.x.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2026-44257 | P2 | CRITICAL | CVSS 9.3 | fixed in 4.08.010 | 2026-05-12
CVE-2026-44257 [CRITICAL] CWE-77: efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write — including the servlet contex
Source: nvd
CVE-2026-44258 | P3 | CRITICAL | CVSS 9.3 | fixed in 4.08.010 | 2026-05-12
CVE-2026-44258 [CRITICAL] CWE-78: efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files from within the home directory to any arbitrary destination by setting ds
Source: nvd
CVE-2026-44260 | P3 | HIGH | CVSS 8.1 | fixed in 4.08.010 | 2026-05-12
CVE-2026-44260 [HIGH] CWE-863: efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk enforces that the client sends readonly=true (matching the session value), but no event handler checks the readonly value before performing write operations. The flag only
Source: nvd
CVE-2026-44259 | P4 | MEDIUM | CVSS 4.6 | fixed in 4.08.010 | 2026-05-12
CVE-2026-44259 [MEDIUM] CWE-80: efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml respectively, causing any embedded JavaScript to execute in the v
Source: nvd