Platform
php
Component
studio-42/elfinder
Fixed in
2.1.59
CVE-2021-32682 is a critical Remote Code Execution (RCE) vulnerability affecting versions of studio-42/elfinder up to 2.1.9. This vulnerability allows attackers to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The vulnerability was addressed in version 2.1.59, and workarounds are available for those unable to immediately upgrade.
The impact of CVE-2021-32682 is severe. An attacker can gain complete control of the server hosting the elFinder instance. This could lead to data breaches, system compromise, and potential lateral movement within the network. The ability to execute arbitrary commands bypasses standard security controls and allows for a wide range of malicious activities, including installing malware, stealing sensitive data, and disrupting services. The minimal configuration requirement significantly broadens the attack surface, making many deployments vulnerable.
This vulnerability has garnered significant attention due to its critical severity and ease of exploitation. While a public proof-of-concept was not immediately available, the potential for widespread exploitation is high. Further technical details are expected to be disclosed on the Sonarsource blog. The vulnerability was publicly disclosed on 2021-06-16.
Exploit Status
EPSS
92.77% (100% percentile)
CVSS Vector
The primary mitigation for CVE-2021-32682 is to upgrade to version 2.1.59 or later. If an immediate upgrade is not possible, implement strict authentication requirements for the elFinder connector. Ensure that the connector is not exposed without authentication to prevent unauthorized access. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious requests targeting elFinder. Regularly review elFinder configuration and access logs for suspicious activity.
Update the elFinder component to version 2.1.59 or higher. Alternatively, ensure that the connector is not exposed without authentication.
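As an added example (not code from this record or from the elFinder project), the authentication workaround described above can be applied by wrapping the PHP connector so that the request is rejected before elFinder runs; the session key, the autoloader path and the files directory are assumptions.

```php
<?php
// Added example: connector.php gated behind the application's own login session,
// so the elFinder connector is never reachable without authentication.
session_start();

// Assumed session layout: the application's login flow stores the user id here.
if (empty($_SESSION['user_id'])) {
    // Refuse before any elFinder code executes; the client shows the message as-is.
    header('HTTP/1.1 401 Unauthorized');
    header('Content-Type: application/json');
    echo json_encode(['error' => ['Authentication required']]);
    exit;
}

// Assumed Composer installation of studio-42/elfinder.
require __DIR__ . '/vendor/autoload.php';

// Minimal single-root configuration; the files directory and URL are assumptions.
// Uploads are denied by default and only explicitly allowed image types pass.
$opts = [
    'roots' => [
        [
            'driver'      => 'LocalFileSystem',
            'path'        => __DIR__ . '/files/',
            'URL'         => '/files/',
            'uploadDeny'  => ['all'],
            'uploadAllow' => ['image/gif', 'image/jpeg', 'image/png'],
            'uploadOrder' => ['deny', 'allow'],
        ],
    ],
];

// Only an authenticated session reaches this point.
$connector = new elFinderConnector(new elFinder($opts));
$connector->run();
```

The gate is a workaround only; the record's primary fix remains upgrading to 2.1.59 or later.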
CVE-2021-32682 is a critical Remote Code Execution vulnerability in elFinder versions up to 2.1.9, allowing attackers to execute arbitrary code on the server.
You are affected if you are using elFinder versions 2.1.9 or earlier. Check your installation version immediately.
Upgrade to version 2.1.59 or later. If immediate upgrade is not possible, enforce strict authentication for the elFinder connector.
While no confirmed exploitation has been publicly reported, the vulnerability's severity and ease of exploitation suggest a high probability of active exploitation.
Refer to the Sonarsource blog for further technical details: https://blog.sonarsource.com/tag/security