2022-01-26 17:57:45 +00:00
id : CVE-2021-32682
info :
2022-04-21 21:16:41 +00:00
name : elFinder 2.1.58 - Remote Code Execution
2022-01-26 17:57:45 +00:00
author : smaranchand
severity : critical
2022-04-22 10:38:41 +00:00
description : elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even
with minimal configuration.
2022-01-26 17:57:45 +00:00
reference :
- https://smaranchand.com.np/2022/01/organization-vendor-application-security/
- https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities
- https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr
- https://nvd.nist.gov/vuln/detail/CVE-2021-32682
2022-01-26 17:59:10 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2022-01-26 17:59:10 +00:00
cve-id : CVE-2021-32682
cwe-id : CWE-22,CWE-78,CWE-918
2022-04-22 10:38:41 +00:00
remediation : Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication.
metadata :
github : https://github.com/Studio-42/elFinder
2022-04-21 21:16:41 +00:00
tags : cve,cve2021,elfinder,misconfig,rce,oss
2022-01-26 17:57:45 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/admin/elfinder/elfinder-cke.html"
- "{{BaseURL}}/assets/backend/elfinder/elfinder-cke.html"
- "{{BaseURL}}/assets/elFinder-2.1.9/elfinder.html"
- "{{BaseURL}}/assets/elFinder/elfinder.html"
- "{{BaseURL}}/backend/elfinder/elfinder-cke.html"
- "{{BaseURL}}/elfinder/elfinder-cke.html"
- "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder-cke.html"
- "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder.html"
- "{{BaseURL}}/uploads/elfinder/elfinder-cke.html"
stop-at-first-match : true
matchers-condition : and
matchers :
- type : word
words :
- "elfinder"
- "php/connector"
condition : and
- type : status
status :
- 200
2022-04-21 21:16:41 +00:00
# Enhanced by mp on 2022/04/19