Naoki Sawada

2 exploits, active since Jan 2019
CVE-2021-32682 CRITICAL WRITEUP
elFinder < 2.1.59 - Remote Code Execution via Archive Command Injection
elFinder is an open-source file manager for the web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
CVSS 9.8
CVE-2019-6257 HIGH WRITEUP
elFinder < 2.1.46 - Server-Side Request Forgery via get_remote_contents()
A Server-Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
CVSS 7.7