Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

CVE-2021-32682

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)

Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface

WordPress Plugin Ninja Popups Multiple Vulnerabilities (4.5.3)

Oracle WebLogic Remote Code Execution via T3

VMware vCenter Server Unauthorized Remote Code Execution

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution