CVE-2022-27115 (remote code execution)

[kisuka]

In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.

https://github.com/Studio-42/elFinder/issues/3458 https://nvd.nist.gov/vuln/detail/CVE-2022-27115

[barryvdh]

If you update with composer you should get the .62 version already. But I've bumped it to make sure it doesn't allow older versions; https://github.com/barryvdh/elfinder-flysystem-driver/commit/d9453b082fb6aba122ebdf2184214d980d07b115