58 lines
2.4 KiB
YAML
58 lines
2.4 KiB
YAML
id: CVE-2021-32682
|
|
|
|
info:
|
|
name: elFinder 2.1.58 - Remote Code Execution
|
|
author: smaranchand
|
|
severity: critical
|
|
description: elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
|
|
remediation: Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication.
|
|
reference:
|
|
- https://smaranchand.com.np/2022/01/organization-vendor-application-security/
|
|
- https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities
|
|
- https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-32682
|
|
- https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2021-32682
|
|
cwe-id: CWE-22
|
|
epss-score: 0.97312
|
|
epss-percentile: 0.99872
|
|
cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 9
|
|
vendor: std42
|
|
product: elfinder
|
|
github: https://github.com/Studio-42/elFinder
|
|
tags: cve2021,cve,elfinder,misconfig,rce,oss,std42
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/admin/elfinder/elfinder-cke.html"
|
|
- "{{BaseURL}}/assets/backend/elfinder/elfinder-cke.html"
|
|
- "{{BaseURL}}/assets/elFinder-2.1.9/elfinder.html"
|
|
- "{{BaseURL}}/assets/elFinder/elfinder.html"
|
|
- "{{BaseURL}}/backend/elfinder/elfinder-cke.html"
|
|
- "{{BaseURL}}/elfinder/elfinder-cke.html"
|
|
- "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder-cke.html"
|
|
- "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder.html"
|
|
- "{{BaseURL}}/uploads/elfinder/elfinder-cke.html"
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "elfinder"
|
|
- "php/connector"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100891445582747005f77c467433863b81c6f5d744aa8c6ee883640d50d73ac05ed022044c7e78a8d9b27f194c849acd9752e062f115f3ce036d46d7a8562613bbe948b:922c64590222798bb761d5b6d8e72950 |