nuclei-templates/http/cves/2021/CVE-2021-32682.yaml

58 lines
2.4 KiB
YAML

id: CVE-2021-32682
info:
name: elFinder 2.1.58 - Remote Code Execution
author: smaranchand
severity: critical
description: elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
remediation: Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication.
reference:
- https://smaranchand.com.np/2022/01/organization-vendor-application-security/
- https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities
- https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr
- https://nvd.nist.gov/vuln/detail/CVE-2021-32682
- https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-32682
cwe-id: CWE-22
epss-score: 0.97283
epss-percentile: 0.99839
cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:*
metadata:
max-request: 9
vendor: std42
product: "elfinder"
github: https://github.com/Studio-42/elFinder
tags: cve2021,cve,elfinder,misconfig,rce,oss,std42
http:
- method: GET
path:
- "{{BaseURL}}/admin/elfinder/elfinder-cke.html"
- "{{BaseURL}}/assets/backend/elfinder/elfinder-cke.html"
- "{{BaseURL}}/assets/elFinder-2.1.9/elfinder.html"
- "{{BaseURL}}/assets/elFinder/elfinder.html"
- "{{BaseURL}}/backend/elfinder/elfinder-cke.html"
- "{{BaseURL}}/elfinder/elfinder-cke.html"
- "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder-cke.html"
- "{{BaseURL}}/uploads/assets/backend/elfinder/elfinder.html"
- "{{BaseURL}}/uploads/elfinder/elfinder-cke.html"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- "elfinder"
- "php/connector"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100dcb41a26b0c79438e651ac5352ab3d6de74dafa8d9f2d52dda98d23151359229022100ebaf5e5e7e71e8dcb8a212daa8863bd212cfffc130cbbf2be9404c0b1c1e9b3f:922c64590222798bb761d5b6d8e72950