What is CVE-2022-26960?

CVE-2022-26960 is a vulnerability in N/a. Published 2022-03-21.

Is CVE-2022-26960 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of a…

EPSS: 0.842 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates

References

www.synacktiv.com/publications.html (x_refsource_MISC)
github.com/Studio-42/elFinder/commit/3b758495538a448ac8830ee3559e7fb2c260c6db (x_refsource_MISC)
www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-26960?: CVE-2022-26960 is a vulnerability in N/a. Published 2022-03-21.
Is CVE-2022-26960 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.