| CVE-2026-41247 |
critical |
9.8 |
9.8 |
1mo ago |
elFinder: Command injection in resize background color parameter when using ImageMagick CLI |
|
| CVE-2026-44521 |
high |
8.8 |
8.8 |
17d ago |
elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL) |
|
| CVE-2024-38909 |
unknown |
— |
— |
2y ago |
Studio 42 elFinder vulnerable to Incorrect Access Control |
|
| CVE-2023-35840 |
unknown |
— |
— |
3y ago |
elFinder vulnerable to path traversal in LocalVolumeDriver connector |
|
| CVE-2019-9194 |
unknown |
— |
— |
4y ago |
elFinder command injection vulnerability in the PHP connector |
|
| CVE-2018-9110 |
unknown |
— |
— |
4y ago |
Directory Traversal in Studio 42 elFinder |
|
| CVE-2018-9109 |
unknown |
— |
— |
4y ago |
elFinder Path Traversal vulnerability |
|
| CVE-2019-5884 |
unknown |
— |
— |
4y ago |
Sensitive Data Exposure in elFinder |
|
| CVE-2019-6257 |
unknown |
— |
— |
4y ago |
elFinder Server Side Request Forgery (SSRF) |
|
| CVE-2022-27115 |
unknown |
— |
— |
4y ago |
RCE in Studio-42 elFinder on Windows before 2.1.61 |
|
| CVE-2021-43421 |
unknown |
— |
— |
4y ago |
elFinder Unrestricted File Upload vulnerability |
|
| CVE-2022-26960 |
unknown |
— |
— |
4y ago |
Path Traversal in Studio-42 elFinder through 2.1.60 |
|
| CVE-2021-45919 |
unknown |
— |
— |
4y ago |
Studio 42 elFinder allows stored XSS |
|
| CVE-2021-32682 |
unknown |
— |
— |
5y ago |
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE |
|
| CVE-2021-23394 |
unknown |
— |
— |
5y ago |
elFinder unsafe upload filtering leading to remote code execution |
|