CVE-2021-23394 – The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) …

Vuln ID: CVE-2021-23394

Published:  2021-06-13  11:15:14Z

Description: The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file.
NOTE: This only applies if the server parses .phar files as PHP.

Source: NVD.NIST.GOV