id: CVE-2021-32682 info: name: elFinder 2.1.58 - Remote Code Execution author: smaranchand severity: critical description: elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. reference: - https://smaranchand.com.np/2022/01/organization-vendor-application-security/ - https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities - https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr - https://nvd.nist.gov/vuln/detail/CVE-2021-32682 remediation: Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-32682 cwe-id: CWE-22,CWE-78,CWE-918 cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* epss-score: 0.97239 metadata: max-request: 9 github: https://github.com/Studio-42/elFinder tags: cve,cve2021,elfinder,misconfig,rce,oss http: - method: GET path: - "{{BaseURL}}/admin/elfinder/elfinder-cke.html" - "{{BaseURL}}/assets/backend/elfinder/elfinder-cke.html" - "{{BaseURL}}/assets/elFinder-2.1.9/elfinder.html" - "{{BaseURL}}/assets/elFinder/elfinder.html" - "{{BaseURL}}/backend/elfinder/elfinder-cke.html" - "{{BaseURL}}/elfinder/elfinder-cke.html" - "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder-cke.html" - "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder.html" - "{{BaseURL}}/uploads/elfinder/elfinder-cke.html" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "elfinder" - "php/connector" condition: and - type: status status: - 200 # Enhanced by mp on 2022/04/19