Description
Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.
Remediation
Upgrade to the latest version of elFinder
References
Related Vulnerabilities
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Local File Inclusion (1.5.24)
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7)
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)
WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5)