Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

CVE-2021-32682

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

Ivanti Sentry Authentication Bypass (CVE-2023-38035)

WordPress Plugin Woocommerce-Recent Purchases Local File Inclusion (1.0.1)

Telerik Web UI Unrestricted File Upload (CVE-2014-2217)

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

WordPress Plugin CiviCRM Remote Code Execution (5.24.2)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution