ELFinder.Connector.Minimal.php.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Upload vulnerability in ELFinder components.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted request. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.

affected-products-logoAffected Products

Tiki Wiki ELFinder Version 2.0
Studio-42 ELFinder version 2.1.57 and prior
WordPress Plugin File Manager Versions 6.0-6.8

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-08-28 25.628 Sig Added
2021-05-04 18.072 Sig Added
2020-09-29 16.933 Sig Added
2020-09-10 16.921 Sig Added
2020-09-07 16.918 Name:Tiki.
Wiki.
ELFinder.
Arbitrary.
File.
Upload:ELFinder.
Connector.
Minimal.
php.
Arbitrary.
File.
Upload