id: CVE-2021-32682 info: name: elFinder 2.1.58 - Remote Code Execution author: smaranchand severity: critical description: elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication. reference: - https://smaranchand.com.np/2022/01/organization-vendor-application-security/ - https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities - https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr - https://nvd.nist.gov/vuln/detail/CVE-2021-32682 - https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-32682 cwe-id: CWE-22 epss-score: 0.97283 epss-percentile: 0.99839 cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* metadata: max-request: 9 vendor: std42 product: "elfinder" github: https://github.com/Studio-42/elFinder tags: cve2021,cve,elfinder,misconfig,rce,oss,std42 http: - method: GET path: - "{{BaseURL}}/admin/elfinder/elfinder-cke.html" - "{{BaseURL}}/assets/backend/elfinder/elfinder-cke.html" - "{{BaseURL}}/assets/elFinder-2.1.9/elfinder.html" - "{{BaseURL}}/assets/elFinder/elfinder.html" - "{{BaseURL}}/backend/elfinder/elfinder-cke.html" - "{{BaseURL}}/elfinder/elfinder-cke.html" - "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder-cke.html" - "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder.html" - "{{BaseURL}}/uploads/elfinder/elfinder-cke.html" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "elfinder" - "php/connector" condition: and - type: status status: - 200 # digest: 4b0a00483046022100dcb41a26b0c79438e651ac5352ab3d6de74dafa8d9f2d52dda98d23151359229022100ebaf5e5e7e71e8dcb8a212daa8863bd212cfffc130cbbf2be9404c0b1c1e9b3f:922c64590222798bb761d5b6d8e72950