PT-2021-3443 · elFinder · Nao-Pon
Published 2021-06-14 · Updated 2022-11-09
CVE-2021-32682
CVSS v2.0: 10.0 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
elFinder 2.1.58 and earlier (fixed in 2.1.59)
Description
The elFinder PHP connector performs no authentication of its own, so a deployment that exposes the connector endpoint exposes every connector command to anonymous clients. In addition, elFinder 2.1.58 and earlier contain several flaws in the connector (OS command injection, path traversal and server-side request forgery) that a remote attacker can use to execute arbitrary code and commands on the server hosting the connector, even in a minimal configuration with no optional features enabled.
Recommendations
Update to elFinder 2.1.59 or later, which fixes the issue.
Until the update can be applied, do not expose the connector endpoint to unauthenticated clients: put it behind the application's own login check (or web-server authentication), restrict it to trusted users, and disable connector commands the application does not need.
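The following is an added example of the workaround above, not elFinder's own connector code: a PHP wrapper that gates the elFinder PHP connector behind the application's session. It assumes elFinder 2.1.x is installed under ./elfinder/ with its bundled php/autoload.php, that the application's login flow stores the user name in $_SESSION['user'] and a random per-session token in $_SESSION['elfinder_token'], and that per-user storage lives under ./files/<user>/ (all of these are assumptions for the example). It is a stop-gap for deployments that cannot yet move to 2.1.59, not a replacement for the update.

```php
<?php
// Added example, not elFinder's own code: an authentication gate in front of
// the elFinder PHP connector. Assumptions: elFinder 2.1.x under ./elfinder/
// with its bundled php/autoload.php; the application's login flow has set
// $_SESSION['user'] and a random $_SESSION['elfinder_token']; per-user
// storage lives under ./files/<user>/.

declare(strict_types=1);

session_start();

function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

// 1. The connector performs no authentication itself, so reject every request
//    that is not backed by an authenticated session before elFinder is loaded.
if (empty($_SESSION['user'])) {
    deny(401, 'Authentication required');
}

// 2. Connector commands are state-changing (upload, rm, rename, mkdir, ...),
//    so also require a per-session token sent by the client in a header.
//    hash_equals() alone would accept '' == '', hence the explicit empty check.
$expected = $_SESSION['elfinder_token'] ?? '';
$given    = $_SERVER['HTTP_X_ELFINDER_TOKEN'] ?? '';
if ($expected === '' || !hash_equals($expected, $given)) {
    deny(403, 'Invalid or missing request token');
}

// 3. Confine the root to a per-user directory below a fixed base directory.
//    Only [A-Za-z0-9_-] survive, so '.' and '/' can never reach the path.
$base = realpath(__DIR__ . '/files');
$user = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_SESSION['user']);
if ($base === false || $user === '') {
    deny(500, 'Storage not available');
}
$root = $base . DIRECTORY_SEPARATOR . $user;
if (!is_dir($root) && !mkdir($root, 0750, true)) {
    deny(500, 'Storage not available');
}

require_once __DIR__ . '/elfinder/php/autoload.php';

$opts = [
    'roots' => [[
        'driver'      => 'LocalFileSystem',
        'path'        => $root,
        'URL'         => '/files/' . rawurlencode($user) . '/',
        // Allow-list upload types instead of accepting everything.
        'uploadDeny'  => ['all'],
        'uploadAllow' => ['image/jpeg', 'image/png', 'application/pdf'],
        'uploadOrder' => ['deny', 'allow'],
        // Turn off connector commands this application does not need; every
        // enabled command is reachable by anyone who passes the checks above.
        'disabled'    => ['archive', 'extract', 'netmount', 'chmod'],
    ]],
];

$connector = new elFinderConnector(new elFinder($opts));
$connector->run();
```

Point the elFinder client at this wrapper instead of the bare connector and send the token with every request, for example through the client's customHeaders option. Keep the original connector file out of the web root (or deny it in the web server), otherwise the gate is bypassed by requesting the unprotected copy directly.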
Tags: SSRF, path traversal, OS command injection, missing authentication
Affected Products: elFinder