← Zuruck zu CVEs
CVE-2024-38909
CRITICAL9.8
Beschreibung
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/30/2024
Zuletzt geandert4/28/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
std42:elfinder
Schwachen (CWE)
CWE-284
Referenzen
http://elfinder.com(cve@mitre.org)
https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909(cve@mitre.org)
http://elfinder.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.