Platform
php
Component
studio-42/elfinder
Fixed in
2.1.59
CVE-2021-32682 is a critical Remote Code Execution (RCE) vulnerability affecting versions of studio-42/elfinder prior to 2.1.59. It allows attackers to execute arbitrary commands on the server hosting the elFinder PHP connector, even in a minimal configuration. The vulnerability was fixed in version 2.1.59; workarounds are available for deployments that cannot upgrade immediately.
The impact of CVE-2021-32682 is severe. An attacker who successfully exploits it gains code execution as the web server user hosting the elFinder instance: reading, modifying and deleting files inside the managed volumes and beyond, executing system commands, and potentially pivoting to other systems on the network. Because a minimal configuration is enough, even basic deployments are exposed, which significantly widens the attack surface. It shares a pattern with other file-manager exploits in which insufficient access controls on the server-side component let attackers run malicious code.
This vulnerability was publicly disclosed on June 16, 2021; further technical details are expected on the SonarSource security blog. The CVSS score of 9.8 (CRITICAL) reflects severity (remotely exploitable without authentication or user interaction, with full impact on confidentiality, integrity and availability), not the probability of exploitation; that signal is the EPSS figure on this page, 92.77% at the 100th percentile. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the severity make it a likely target for attackers. Prioritize patching or, failing that, implementing the workarounds.
Organizations using elFinder for file management, particularly those with minimal authentication or an Internet-exposed connector, are at significant risk. Shared hosting environments where multiple users share the same server are especially exposed, since compromise of one user's elFinder instance runs as the shared web server user and can lead to a broader system compromise.
• php: Check for elFinder installations with versions prior to 2.1.59. The server-side classes live under php/ (the connector entry point is connector.minimal.php, the core class file is elFinder.class.php); grep the version string there, and treat any value below 2.1.59 as affected:
find / -name "elFinder.class.php" -print0 2>/dev/null | xargs -0 grep -HnoE "2\.1\.[0-9]+" | sort -u
• generic web: Monitor access logs for requests to the connector endpoint (typically php/connector.minimal.php or a wrapper around it) from unauthenticated clients, especially cmd= values that upload, rename, archive or extract files.
• generic web: Check that an unauthenticated request to the connector returns a 401/403 or an elFinder error object rather than a directory listing; a JSON listing means the connector is reachable without authentication.
Disclosure
Patch
Exploit status
EPSS
92.77% (100th percentile)
CVSS vector
The primary mitigation for CVE-2021-32682 is to upgrade to version 2.1.59 or later. If immediate upgrading is not possible, restrict access to the elFinder connector to authenticated users only: put the connector behind your application's session check, deny direct requests to php/connector*.php in the web server configuration, and apply access control lists (ACLs) so the connector is not reachable anonymously. Consider a Web Application Firewall (WAF) with rules that block malicious requests to elFinder endpoints, but treat it as defence in depth rather than a substitute for the upgrade. After upgrading, confirm the fix by checking that the installed version string is 2.1.59 or later and that an unauthenticated request to the connector is rejected.
Update the elFinder component to version 2.1.59 or later. Alternatively, make sure the connector is not exposed without authentication.
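The following wrapper, added here as an example and not code from the elFinder project or this advisory, combines the detection check above (installed version below 2.1.59) with the workaround described in this section (connector reachable only by authenticated users). It is placed in front of the stock connector and refuses to run a vulnerable build at all. Everything about the deployment is assumed: the connector classes live in ./php/ with autoload.php, a package.json carrying a "version" field sits one level above them, the application keeps the logged-in user in $_SESSION['user_id'], files are served from ./files/, and the error keys errAccess and errConf are used because the elFinder client displays them as access-denied and configuration errors.

```php
<?php
// Added example (not elFinder project code): authentication and version gate
// in front of the stock elFinder PHP connector.
// Assumptions (hypothetical): connector classes in ./php/, package.json one
// level above with a "version" field, user id in $_SESSION['user_id'],
// managed files in ./files/.
declare(strict_types=1);

const ELFINDER_FIXED_VERSION = '2.1.59';   // first release with the CVE-2021-32682 fix
const ELFINDER_DIR = __DIR__ . '/php';

/** Installed elFinder version, or null if it cannot be determined. */
function elfinder_installed_version(string $dir): ?string
{
    $pkg = dirname($dir) . '/package.json';
    if (is_readable($pkg)) {
        $json = json_decode((string) file_get_contents($pkg), true);
        if (is_array($json) && is_string($json['version'] ?? null)) {
            return $json['version'];
        }
    }
    // Fallback: first 2.1.NN literal in the core class file. The name of the
    // property holding it differs between releases, so this is a loose match.
    $cls = $dir . '/elFinder.class.php';
    if (is_readable($cls)
        && preg_match('/\b2\.1\.\d+\b/', (string) file_get_contents($cls), $m)) {
        return $m[0];
    }
    return null;
}

/** True when the build is, or may be, affected by CVE-2021-32682. */
function elfinder_is_vulnerable(?string $version): bool
{
    // Unknown version is treated as vulnerable: fail closed, not open.
    return $version === null
        || version_compare($version, ELFINDER_FIXED_VERSION, '<');
}

/** Emit an elFinder-style JSON error object and stop. */
function deny(int $status, string $code): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => [$code]]);
    exit;
}

// 1. Version gate: a vulnerable connector is never reachable, even by
//    authenticated users, until it has been upgraded.
$version = elfinder_installed_version(ELFINDER_DIR);
if (elfinder_is_vulnerable($version)) {
    error_log(sprintf('elFinder connector disabled: version %s is below %s (CVE-2021-32682)',
        $version ?? 'unknown', ELFINDER_FIXED_VERSION));
    deny(503, 'errConf');
}

// 2. Authentication gate. Direct requests to php/connector*.php must also be
//    denied at the web server, otherwise this wrapper is simply bypassed.
session_start();
if (empty($_SESSION['user_id'])) {
    deny(401, 'errAccess');
}

// 3. Only now load and run elFinder. Uploads are whitelisted so that an
//    authenticated user still cannot place a .php file in the web root.
require ELFINDER_DIR . '/autoload.php';

/** accessControl callback: hide and lock dotfiles, let elFinder decide the rest. */
function access($attr, $path, $data, $volume, $isDir, $relpath)
{
    $name = basename($path);
    return $name !== '' && $name[0] === '.' && strlen($relpath) !== 1
        ? !($attr === 'read' || $attr === 'write')   // read/write false, hidden/locked true
        : null;                                       // null = elFinder default
}

$opts = [
    'roots' => [[
        'driver'        => 'LocalFileSystem',
        'path'          => __DIR__ . '/files/',
        'URL'           => dirname($_SERVER['PHP_SELF']) . '/files/',
        'uploadDeny'    => ['all'],                 // deny everything ...
        'uploadAllow'   => ['image', 'text/plain'], // ... except these MIME families
        'uploadOrder'   => ['deny', 'allow'],
        'accessControl' => 'access',
    ]],
];

(new elFinderConnector(new elFinder($opts)))->run();
```

Point the client's url option at this file instead of the raw connector. An unauthenticated request such as curl -s 'https://host/path/connector.php?cmd=open&init=1' then returns HTTP 401 with {"error":["errAccess"]}, the same request with a valid session cookie returns the normal listing, and a session on a host where the bundled elFinder is still older than 2.1.59 gets a 503 instead, which is the confirmation check described above.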
CVE-2021-32682 is a critical Remote Code Execution vulnerability in elFinder versions prior to 2.1.59, allowing attackers to execute arbitrary code on the server hosting the PHP connector.
You are affected if you are using any elFinder version older than 2.1.59. Check your installation version immediately.
Upgrade to version 2.1.59 or later. If immediate upgrade is not possible, enforce strict authentication for the elFinder connector.
While no confirmed exploitation has been publicly reported, the vulnerability's severity, ease of exploitation and EPSS score (92.77%, 100th percentile) suggest a high probability of active exploitation.
Refer to the Sonarsource blog for further technical details: https://blog.sonarsource.com/tag/security