CVE-2019-5884

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-5884
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5884.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-5884
Aliases
Published
2019-01-10T08:29:00.263Z
Modified
2026-03-12T23:24:14.040006Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safemode or openbasedir is not set.

References

Affected packages

Git / github.com/studio-42/elfinder

Affected ranges

Type
GIT
Repo
https://github.com/studio-42/elfinder
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5d0bdf16873678678be3c654f4588e1eb0e4a38c
Fixed
f133163f2d754584de65d718b2fde96191557316
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.45"
        }
    ]
}

Affected versions

1.*
1.0.1
1.1
2.*
2.0-beta
2.0-rc1
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.2
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.3
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.4
2.1.40
2.1.41
2.1.42
2.1.43
2.1.44
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5884.json"