CVE-2019-5884
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-5884
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5884.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-5884
- Aliases
- Published
- 2019-01-10T08:29:00.263Z
- Modified
- 2025-11-14T09:50:13.024451Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safemode or openbasedir is not set.
- References
Affected packages
Git / github.com/studio-42/elfinder
Affected ranges
- Type
- GIT
- Repo
- https://github.com/studio-42/elfinder
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.0.1
1.1
2.*
2.0-beta
2.0-rc1
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.2
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.3
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.4
2.1.40
2.1.41
2.1.42
2.1.43
2.1.44
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9