Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

CVE-2021-32682

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)

Code Execution via WebDav

Ektron CMS multiple vulnerabilities

Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850)

WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution