[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-26927":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":42,"name":43,"published":44,"updated":34},26927,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},2,"Nuclei",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":34,"epss_score":34,"epss_percentile":34,"cve":34,"in_cisa_catalog":41,"date":34,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"critical","The risk exists that the data is unknowingly exposed to the internet, making it accessible to remote threat actors that can leverage it to attack the target, or the entire company, depending on the sensitivity of the data.","Identifies Drupal sites with the elfinder library installed, which could be vulnerable to unrestricted file upload through the connector.php file.When this component is detected, the site may be vulnerable to remote code execution attacks via PHP file uploads.This template only detects the presence of the vulnerable component and does not perform any exploitation.","Remove the elfinder library if not needed, or implement proper file upload restrictions and input validation. Additionally, consider implementing Web Application Firewall rules to block access to the connector.php file.",[40],"https://github.com/Kro0oz/drupal-7-elfinder",false,"NETSCAN-NUCLEI-EXPOSURES-DRUPAL7-ELFINDER-RCE","Drupal 7 Elfinder - Remote Code Execution","2025-03-24T00:00:00Z"]