CVE-2023-35840

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jun 19, 2023
Updated: Jun 26, 2023
CWE ID 22

Summary

CVE-2023-35840 is a newly disclosed vulnerability affecting elFinder, an open-source file manager, before version 2.1.62. The issue lies in the _joinPath function within elFinderVolumeLocalFileSystem.class.php in the PHP LocalVolumeDriver connector. This vulnerability permits path traversal, enabling attackers to potentially access unintended files or directories on the targeted system. Successful exploitation could result in information disclosure or other security compromises. System administrators are advised to update to the latest elFinder version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share