Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

CVE-2021-32682

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Remote Code Execution (4.1.0.1)

WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

vBulletin 5.x 0day pre-auth RCE

WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing Local File Inclusion (1.1.1)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution