Skip to main content
CVE-2021-23394 CRITICAL POC PATCH THREAT Act Now

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Elfinder
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy