CVE-2021-23394

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt