CVE-2021-23394
- Reference to the description:
- Description:
- The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
- Last updated date:
- 11/09/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/22/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/09/2022
- Reference url to background
https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/