CVE-2023-35840
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-35840 is a newly disclosed vulnerability affecting elFinder, an open-source file manager, before version 2.1.62. The issue lies in the _joinPath function within elFinderVolumeLocalFileSystem.class.php in the PHP LocalVolumeDriver connector. This vulnerability permits path traversal, enabling attackers to potentially access unintended files or directories on the targeted system. Successful exploitation could result in information disclosure or other security compromises. System administrators are advised to update to the latest elFinder version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Std42 Elfinder