nuclei-templates/technologies/elfinder-version.yaml

44 lines
1.2 KiB
YAML

id: elfinder-version
info:
name: elFinder 2.1.58 - Remote Code Execution
author: idealphase
severity: critical
description: elFinder 2.1.58 is vulnerable to remote code execution. This can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
remediation: The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
reference:
- https://github.com/Studio-42/elFinder/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: tech,elfinder,oss
requests:
- method: GET
path:
- "{{BaseURL}}/js/elfinder.min.js"
- "{{BaseURL}}/js/elFinder.version.js"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "elFinder - file manager for web"
- "elFinder.prototype.version ="
condition: or
- type: status
status:
- 200
extractors:
- type: regex
group: 1
regex:
- '\* Version (.+) \('
- "elFinder.prototype.version = '([0-9.]+)';"
# Enhanced by mp on 2022/07/22