CVE-2021-32172

Name of the Vulnerable Software and Affected Versions: Maian Cart version 3.8

Description: The issue is related to a preauthorization remote code execution (RCE) exploit due to a broken access control problem in the Elfinder plugin. This allows for potential remote code execution without proper authorization.

Recommendations: For Maian Cart version 3.8, consider disabling the Elfinder plugin as a temporary workaround until a patch is available. Restrict access to the Elfinder plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.