virus logo Intrusion Prevention

Studio-42.elFinder.getFullPath.Path.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Studio-42 elFinder.
The vulnerability is due to insufficient validation of user submitted paths. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation can result in disclosure of the content of files outside of the expected document root, or in the worst case, execution of arbitrary code under the security context of the web server process.

affected-products-logoAffected Products

Studio-42 elFinder prior to 2.1.61

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/advisories/GHSA-7q88-jxvp-9gp2

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-25 28.833
Modified
 Name:Studio-42.
elFinder.
getFullPath.
Directory.
Traversal:Studio-42.
elFinder.
getFullPath.
Path.
Traversal
2023-08-24 25.627
Modified
 Sig Added
2022-04-27 20.305
Modified
 Default_action:pass:drop
2022-04-18 20.299
New
ID 51390
Created Apr 07, 2022
Updated Jul 23, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Exploit Prediction Score 77.11%
Default Action drop
Active
Affected OS Linux
Affected App PHP_app
Profile Type Path Traversal