2022-04-10 07:44:36 +00:00
id : elfinder-version
info :
2022-07-26 13:45:11 +00:00
name : elFinder 2.1.58 - Remote Code Execution
2022-04-10 07:44:36 +00:00
author : idealphase
2022-07-26 13:45:11 +00:00
severity : critical
description : elFinder 2.1.58 is vulnerable to remote code execution. This can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
remediation : The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
2022-04-10 07:44:36 +00:00
reference :
- https://github.com/Studio-42/elFinder/
2022-07-26 13:45:11 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2023-10-14 11:27:55 +00:00
cvss-score : 10
2022-07-26 13:45:11 +00:00
cwe-id : CWE-77
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-10-14 11:27:55 +00:00
tags : tech,elfinder,oss
2022-04-10 07:44:36 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-04-10 07:44:36 +00:00
- method : GET
path :
- "{{BaseURL}}/js/elfinder.min.js"
2022-04-12 13:38:36 +00:00
- "{{BaseURL}}/js/elFinder.version.js"
2022-04-10 07:44:36 +00:00
matchers-condition : and
matchers :
- type : word
part : body
words :
- "elFinder - file manager for web"
2022-04-12 13:38:36 +00:00
- "elFinder.prototype.version ="
condition : or
2022-04-10 07:44:36 +00:00
- type : status
status :
- 200
extractors :
- type : regex
group : 1
regex :
2022-04-12 13:44:04 +00:00
- '\* Version (.+) \('
- "elFinder.prototype.version = '([0-9.]+)';"
2023-10-20 11:41:13 +00:00
# digest: 4a0a0047304502203fd42f01a45120d89be9dbccf02f4640a8984cb9e3354cfc80b84bd9e7f0b1c1022100b7a056d3efbf71d6eca1b3c8b3536b6bb31863d3092564f71ac5fadb59197072:922c64590222798bb761d5b6d8e72950