CVE-2024-38909

Published: Jul 30, 2024Modified: Apr 28, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

Affected (1)

Products: Std42: Elfinder

Std42

1 product

Elfinder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Std42 Elfinder	Version 2.1.64

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://elfinder.com

Source: cve@mitre.org

Permissions Required

https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909

Source: cve@mitre.org

Third Party Advisory

http://elfinder.com

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.