elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.Referenceshttps://github.com/Studio-42/elFinder/compare/6884c4f...0740028https://github.com/Studio-42/elFinder/releases/tag/2.1.48https://www.exploit-db.com/exploits/46539/https://www.exploit-db.com/exploits/46481/https://github.com/Studio-42/elFinder/blob/master/README.md
