CVE-2021-23407— Directory Traversal

CVSS 7.5 · High EPSS 0.53% · P67 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-23407

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Directory Traversal

Source: NVD (National Vulnerability Database)

Vulnerability Description

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

elFinder 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

elFinder是一套基于Drupal平台的、开源的AJAX文件管理器。该产品提供多文件上传、图像缩放等功能。 elFinder.Net.Core 存在安全漏洞，该漏洞源于用户控制的文件名在用于创建文件系统路径之前未正确清理。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	elFinder.Net.Core	0 ~ unspecified	-

II. Public POCs for CVE-2021-23407

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-23407

请登录查看更多情报信息。

https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4x_refsource_MISC
https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73x_refsource_MISC
https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-23407

Same Patch Batch · n/a · 2021-07-14 · 59 CVEs total

CVE-2021-0597		Google Android 信息泄露漏洞
CVE-2021-0144		Intel BIOS Shared SW Architecture 授权问题漏洞
CVE-2021-35469		Lexmark Printer Software 代码问题漏洞
CVE-2021-24116		wolfSSL 安全漏洞
CVE-2021-24117		Baidu Rust SGX SDK 安全漏洞
CVE-2021-22318		Huawei HarmonyOS 代码问题漏洞
CVE-2021-0590		Google Android 安全漏洞
CVE-2021-33212		Elements-IT HTTP Commander 跨站脚本漏洞
CVE-2021-0599		Google Android 信息泄露漏洞
CVE-2021-0594		Google Android 注入漏洞
CVE-2021-0441		Google Android 安全漏洞
CVE-2021-0518		Google Android 信息泄露漏洞
CVE-2021-0588		Google Android 信息泄露漏洞
CVE-2021-0602		Google Android 信息泄露漏洞
CVE-2021-0600		Google Android 输入验证错误漏洞
CVE-2021-0604		Google Android 安全漏洞
CVE-2021-0601		Google Android 资源管理错误漏洞
CVE-2021-0589		Google Android 缓冲区错误漏洞
CVE-2021-0596		Google Android 缓冲区错误漏洞
CVE-2021-0586		Google Android 安全漏洞

Showing top 20 of 59 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2021-23407

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-23407— Directory Traversal

I. Basic Information for CVE-2021-23407

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-23407

III. Intelligence Information for CVE-2021-23407

Same Patch Batch · n/a · 2021-07-14 · 59 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-23407

Leave a comment