[CRITICAL] elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

PKSA-hs9f-pnbw-hxkp CVE-2019-9194 GHSA-4223-qj94-7x9p

Affected package: studio-42/elfinder

Affected version: <2.1.48

Reported by:
GitHub, FriendsOfPHP/security-advisories