CVE-2019-6257
HIGH
elFinder < 2.1.46 - Server-Side Request Forgery via get_remote_contents()
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://github.com/Studio-42/elFinder/blob/68ec63c0aeca3963101aca8f842dc9f2e4c4c6d3/Changelog
Patch, Third Party Advisory x_refsource_misc
https://github.com/Studio-42/elFinder/commit/2f522db8f037a66ce9040ee0b216aa4a0359286c
Scores
CVSS v3
7.7
EPSS
0.0110
EPSS Percentile
61.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (2)
std42/elfinder
< 2.1.46
studio-42/elfinder
0 - 2.1.49
Packagist
Published
Jan 14, 2019
Tracked Since
Feb 18, 2026