CRITICAL 9.8 CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI
from 0, < 2.1.67
CRITICAL 9.8 CVE-2024-38909 Studio 42 elFinder vulnerable to Incorrect Access Control
from 0, <= 2.1.64
CRITICAL 9.8 CVE-2019-9194 elFinder command injection vulnerability in the PHP connector
from 0, < 2.1.48
CRITICAL 9.8 RCE in Studio-42 elFinder on Windows before 2.1.61
from 0, < 2.1.61
CRITICAL 9.8 elFinder Unrestricted File Upload vulnerability
>= 2.0.4, < 2.1.60
CRITICAL 9.8 elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
from 0, < 2.1.59
CRITICAL 9.1 Directory Traversal in Studio 42 elFinder
>= 2.1.12, < 2.1.37
CRITICAL 9.1 elFinder Path Traversal vulnerability
from 0, < 2.1.36
CRITICAL 9.1 Path Traversal in Studio-42 elFinder through 2.1.60
from 0, < 2.1.61
HIGH 8.8 elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL)
from 0, < 2.1.68
HIGH 8.1 elFinder unsafe upload filtering leading to remote code execution
from 0, < 2.1.58
HIGH 7.7 elFinder Server Side Request Forgery (SSRF)
from 0, < 2.1.49
HIGH 7.5 elFinder vulnerable to path traversal in LocalVolumeDriver connector
from 0, < 2.1.62
MEDIUM 5.9 Sensitive Data Exposure in elFinder
from 0, < 2.1.45
MEDIUM 5.4 Studio 42 elFinder allows stored XSS
from 0, <= 2.1.31