cvedb.io
CVE-2022-26960
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-03-21T17:15:07.740 · Last modified 2026-06-17T04:36:13.747

Summary

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.

Affected products

std42 — elfinder

Does this affect you?

Add your gear to cvedb and we'll alert you only when std42 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.