Vulnerability Details : CVE-2021-23428
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitization of the user input and a missing check of the generated path, it is possible to escape the Files directory via path traversal.
Vulnerability category: Directory traversal
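The missing check on the generated path, as an added example that is not code from elFinder.NetCore: it prints what an unchecked Path.Combine produces next to a containment check done after canonicalisation. The helper name ResolveUnderRoot, the root directory and the sample inputs are assumptions constructed for illustration.

```csharp
using System;
using System.IO;

static class SafePath
{
    // Hypothetical helper (not from elFinder.NetCore): map a client-supplied
    // relative path to a location under root, or throw if it resolves elsewhere.
    public static string ResolveUnderRoot(string root, string userPath)
    {
        // Canonical root with a trailing separator, so "Files" never prefix-matches "FilesBackup".
        string fullRoot = Path.GetFullPath(root);
        if (!fullRoot.EndsWith(Path.DirectorySeparatorChar))
            fullRoot += Path.DirectorySeparatorChar;

        // Path.Combine keeps ".." segments and returns userPath alone when it is rooted;
        // Path.GetFullPath collapses the result so it can be compared against the root.
        string candidate = Path.GetFullPath(Path.Combine(fullRoot, userPath));

        // The check on the generated path. Symbolic links are not resolved here.
        if (!candidate.StartsWith(fullRoot, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Path resolves outside the root directory.");
        return candidate;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed root and inputs, for illustration only.
        string root = Path.Combine(Path.GetTempPath(), "Files");
        string[] inputs = { "docs/report.txt", "docs/../notes.txt", "../outside.txt", "/outside.txt" };

        foreach (string input in inputs)
        {
            Console.WriteLine($"input:     {input}");
            Console.WriteLine($"unchecked: {Path.Combine(root, input)}");
            try
            {
                Console.WriteLine($"checked:   {SafePath.ResolveUnderRoot(root, input)}");
            }
            catch (UnauthorizedAccessException ex)
            {
                Console.WriteLine($"rejected:  {ex.Message}");
            }
        }
    }
}
```

The comparison is ordinal, so on a case-insensitive file system a rooted input that names the root with different casing is rejected rather than accepted.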
Exploit prediction scoring system (EPSS) score for CVE-2021-23428
EPSS score: 0.29% (probability of exploitation activity in the next 30 days)
Percentile: ~69% (the proportion of vulnerabilities that are scored at or less)