CVE-2024-38909

critical

Description

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

References

https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909

http://elfinder.com

Details

Source: Mitre, NVD

Published: 2024-07-30

Updated: 2025-04-28

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.0017

Detections

Analytics

CVE-2024-38909

critical

Description

References

Details

Risk Information

CVSS v2

CVSS v3

CVSS v4

EPSS