Fixed being bypassable of CVE-2019-6257 SSRF.

CVE-2019-6257

Affected version: <2.1.49

Reported by:
FriendsOfPHP/security-advisories

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

CVE-2019-9194

Affected version: <2.1.48

Reported by:
FriendsOfPHP/security-advisories