Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2023-0176
Good to know:
Date: June 14, 2023
Path Traversal vulnerability in PHP LocalVolumeDriver connector
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22Top Fix
Upgrade Version
Upgrade to version recca0120/elfinder - v1.1.1;alphalemon/elfinder-bundle - 1.0.0;studio-42/elfinder - 2.1.x-dev;studio-42/elfinder - 2.1.41;studio-42/elfinder - 2.1.60;studio-42/elfinder - 1.0.1;playground/design - 1.2.1;wufeifei/grw - no_fix;hgati/magento-1-page-builder-module - no_fix;ttek/tk-base - 1.0.50;ttek/tk-base - 3.0.98;ttek/tk-base - 3.0.2;ttek/tk-base - 3.2.96;ttek/tk-base - 3.2.64;ttek/tk-base - 1.0.0;ttek/tk-base - 3.0.24;ttek/tk-base - 3.2.104;ttek/tk-base - 3.2.112;ttek/tk-base - 8.0.0;ttek/tk-base - 3.0.62;ttek/tk-base - 1.0.156;ttek/tk-base - 3.0.76;ttek/tk-base - 3.0.42;ttek/tk-base - 3.2.108;ttek/tk-base - 3.0.84;ttek/tk-base - 3.2.136;offerel/storage - no_fix;offerel/storage - 1.0.1;silverkix/cms-bundle - no_fix;rob006/yii-elfinder2 - 1.0.1;rob006/yii-elfinder2 - 1.1.3;rob006/yii-elfinder2 - 1.1.6;rob006/yii-elfinder2 - 1.0.0;basdog22/laracms_nopublic - no_fix;copona/copona - dev-newcart;copona/copona - dev-dependabot/composer/league/flysystem-1.1.4;copona/copona - dev-checkout_new;copona/copona - dev-pdf;copona/copona - dev-dependabot/composer/twig/twig-2.14.11;redkite-labs/redkite-labs-elfinder-bundle - 1.1.3.5;redkite-labs/redkite-labs-elfinder-bundle - v1.1.3;redkite-labs/redkite-labs-elfinder-bundle - 1.1.x-dev;maddoger/yii2-elfinder - no_fix;maddoger/yii2-elfinder - v.1.0.0;bigbrush/yii2-big - 1.2.9;bigbrush/yii2-big - 1.0.0;bigbrush/yii2-big - no_fix;helios-ag/fm-elfinder - 2.1.1;helios-ag/fm-elfinder - 1.0.1;helios-ag/fm-elfinder - v2.0;nickbur/divinecms - no_fix;gekomod/files-bundle - 0.2;gekomod/files-bundle - no_fix;simple-mvc-framework/v2 - v2.0-beta.1;simple-mvc-framework/v2 - v3.78.24;simple-mvc-framework/v2 - 4.0.1;nova-framework/framework - 4.0.1;nova-framework/framework - v3.78.24;nova-framework/framework - v2.0-beta.1;nova-framework/cms - no_fix;playground/playground - no_fix;dirmax/zettaframework - v1.0;dirmax/zettaframework - v1.1.43;dirmax/zettaframework - v1.1.46;dirmax/zettaframework - no_fix;nao-pon/elfinder-nightly - no_fix;nao-pon/elfinder-nightly - dev-2.0_n;ecnet/admin - 1.0;genix/cms - v0.0.1;genix/cms - v1.1.12.x-dev;genix/cms - no_fix;uom/tk-base - 3.4.16;uom/tk-base - 1.0.140;uom/tk-base - no_fix;intelliants/subrion - no_fix;research-nk/rnk-elfinder-bundle - no_fix;serhatozles/yii2-elfinder - no_fix;romjkeeeen/fix-cms-core1 - no_fix;herurahmat/rimbun - no_fix;semisalov/fix-cms-core - no_fix;components/elfinder - 3.0-alpha;a70838697/yii2elfinder - no_fix;keltanas/site-forever-cms - 0.5.x-dev;alxishin/elfinder - no_fix;skcms/admin-bundle - no_fix;imagecms/imagecms - v4.9;whole/core - no_fix;herurahmat/rimbunci3 - no_fix;gyman/supr - no_fix;laraflat/laraflat - no_fix;nickbur/sunrisecms - no_fix;yukisaw/elfinder - no_fix;runcmf/runbb-ext-markitup - no_fix;ci4-cms-erp/ci4ms - dev-master;ci4-cms-erp/ci4ms - 0.21.0;pkrs/pkrs-framework - 0.1.8;gekomod/files-admin-bundle - no_fix;adfab/core - no_fix;adfab/core - 0.3.2;tugumuda/helpers - no_fix;nova-framework/novacms - no_fix;redkite-labs/redkite-cms - 1.1.3.5;wtolk/adfm-elfinder - no_fix;phpffcms/ffcms-elfinder - no_fix;siteforever/site-forever-cms - 0.5.x-dev;basdog22/laracms - no_fix;Lionbridge.FlexFrame.WebUI - no_fix;mofei/oneone - no_fix;org.webjars.npm:github-com-Studio-42-elFinder:no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |