Vulnerability Description
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Std42 | Elfinder | < 2.1.48 |
Related Weaknesses (CWE)
References
- https://github.com/Studio-42/elFinder/blob/master/README.md (Product, Third Party Advisory)
- https://github.com/Studio-42/elFinder/compare/6884c4f...0740028 (Patch, Third Party Advisory)
- https://github.com/Studio-42/elFinder/releases/tag/2.1.48 (Release Notes, Third Party Advisory)
- https://www.exploit-db.com/exploits/46481/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/46539/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2019-9194?
CVE-2019-9194 is a vulnerability with a CVSS score of 9.8 (CRITICAL). elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
How severe is CVE-2019-9194?
CVE-2019-9194 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-9194?
Versions of elFinder before 2.1.48 are affected. The references section above links the patch comparison and the 2.1.48 release notes, along with the other advisories. Affected products include: Std42 Elfinder.