Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

elFinder RCE (CVE-2021-32682)

Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)

HipChat for JIRA plugin - Velocity template injection

Apache Shiro Deserialization RCE

Elasticsearch remote code execution

WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution