CVE-2024-38909
CRITICAL
Studio 42 elFinder 2.1.64 - Improper Access Control via File Copy
Title source: llm
Description
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.
References (2)
Core References
Permissions Required
http://elfinder.com
Third Party Advisory
https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909
Scores
CVSS v3
9.8
EPSS
0.0049
EPSS Percentile
38.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (2)
std42/elfinder
2.1.64
studio-42/elfinder
0
Packagist
Published
Jul 30, 2024
Tracked Since
Feb 18, 2026