gordon-matt

2 exploits Active since Aug 2018
CVE-2018-15495 WRITEUP HIGH WRITEUP
Responsive FileManager < 9.13.3 - Path Traversal and Server-Side Request Forgery via URL Parameter
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
CVSS 7.5
CVE-2021-23428 WRITEUP HIGH WORKING POC
elFinder.NetCore - Path Traversal via Path.Combine
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitization of the user input and a missing check of the generated path, it's possible to escape the Files directory via path traversal.
CVSS 8.6