PT-2021-20083 · Element It · Elements-It Http Commander

Tobias Jäger

Published

2021-07-14

Updated

2021-07-16

CVE-2021-33213

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Elements-IT HTTP Commander version 5.3.3

Description A vulnerability in the "Upload from URL" feature allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.

Recommendations For Elements-IT HTTP Commander version 5.3.3, consider disabling the "Upload from URL" feature until a patch is available to prevent exploitation. Restrict access to internal server networks to minimize the risk of unauthorized file retrieval.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-33213

Affected Products

Elements-It Http Commander

PT-2021-20083 · Element It · Elements-It Http Commander

CVE-2021-33213

Weakness Enumeration

Related Identifiers

Affected Products

References · 4