Severity: Critical
CVSS Score: 9.8
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.