Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

CVE-2021-32682

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

WordPress Plugin WP Payeezy Pay Local File Inclusion (2.97)

WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup Multiple Vulnerabilities (4.11.33)

WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)

Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)

WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution