Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

elFinder RCE (CVE-2021-32682)

Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Directory Traversal (5.1.4)

Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability

WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)

Apache 2.2.14 mod_isapi Dangling Pointer

WordPress Plugin WordPress File Upload Directory Traversal (4.12.2)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution