
elFinder 2.1.58 - Remote Code Execution CVE-2021-32682

Severity
CVSSv3 Score: 9.8
Vulnerability description

elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jun 14, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available