PT-2022-12690 · Unknown · Filebrowser
Febin · Published 2022-02-04 · Updated 2022-03-04
CVE-2021-46398
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Filebrowser versions prior to 2.18.0
Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser that allows an attacker to create a backdoor user with admin privileges and gain access to the filesystem by sending the victim a malicious HTML webpage. This can lead to Remote Code Execution (RCE), since an admin can run commands through FileBrowser.
Recommendations
For versions prior to 2.18.0, update to version 2.18.0 or later to resolve the issue. As a temporary workaround, consider restricting network access to the FileBrowser instance to minimize the risk of exploitation.
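The class of bug described above is a state-changing endpoint (here, user creation) that accepts a request the browser was tricked into sending from another site. As an added illustration of the defensive check involved, not Filebrowser's own code and not the fix shipped in 2.18.0, the Go middleware below refuses state-changing requests whose Origin (or, failing that, Referer) header does not name the application's own host. The host name `files.example.internal`, the `/api/users` route and the handler are constructed for the example.

```go
package main

import (
	"net/http"
	"net/url"
	"strings"
)

// Constructed example of a same-origin guard for state-changing requests.
// This is not Filebrowser's code; the project's actual fix may differ.

// stateChanging reports whether the request method can modify server state.
// Safe methods are allowed through so that ordinary page loads keep working.
func stateChanging(method string) bool {
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
		return false
	}
	return true
}

// sameOrigin returns true when a request is either a safe method or carries an
// Origin (preferred) or Referer header whose host matches appHost. A browser
// always sends at least one of these on a cross-site form post, so requests
// with neither header are treated as unverifiable and rejected. An Origin of
// "null" parses to an empty host and is rejected as well.
func sameOrigin(r *http.Request, appHost string) bool {
	if !stateChanging(r.Method) {
		return true
	}
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	if src == "" {
		return false
	}
	u, err := url.Parse(src)
	if err != nil || u.Host == "" {
		return false
	}
	return strings.EqualFold(u.Host, appHost)
}

// csrfGuard wraps a handler so that cross-origin state-changing requests
// (for example a forged POST to a user-creation endpoint) get a 403 instead
// of reaching the application logic.
func csrfGuard(appHost string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !sameOrigin(r, appHost) {
			http.Error(w, "forbidden: cross-origin request", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Hypothetical admin endpoint protected by the guard above.
	mux := http.NewServeMux()
	mux.HandleFunc("/api/users", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	http.ListenAndServe("127.0.0.1:8080", csrfGuard("files.example.internal", mux))
}
```

The origin check is one layer: it depends on browsers sending the headers and on the server knowing its own host name, so in practice it is paired with a per-session anti-CSRF token and `SameSite` cookie attributes rather than used alone.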
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Filebrowser