Description

Due to several vulnerablility in elFinder, an attacker can execute arbitrary code and commands on the server hosting the elFinder.

Remediation

Upgrade to the latest version of elFinder

References

CVE-2021-32682

elFinder - A Case Study of Web File Manager Vulnerabilities

Related Vulnerabilities

GlobalProtect PAN-OS RCE (CVE-2024-3400)

WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)

MobileIron Log4Shell RCE

WordPress Plugin WP Vault Local File Inclusion (0.8.6.6)

WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)

Severity

High

Classification

CVE-2021-32682 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution