CVE-2019-6257

Published: Jan 14, 2019Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.

Affected (1)

Products: Std42: Elfinder

Std42

1 product

Elfinder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Std42 Elfinder	Before 2.1.46

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/Studio-42/elFinder/blob/68ec63c0aeca3963101aca8f842dc9f2e4c4c6d3/Changelog

Source: cve@mitre.org

Third Party Advisory

https://github.com/Studio-42/elFinder/commit/2f522db8f037a66ce9040ee0b216aa4a0359286c

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/Studio-42/elFinder/blob/68ec63c0aeca3963101aca8f842dc9f2e4c4c6d3/Changelog

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/Studio-42/elFinder/commit/2f522db8f037a66ce9040ee0b216aa4a0359286c

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.