High severityNVD Advisory· Published Jun 13, 2021· Updated Sep 16, 2024
Remote Code Execution (RCE)
CVE-2021-23394
Description
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
studio-42/elfinderPackagist | < 2.1.58 | 2.1.58 |
Affected products
2- studio-42/elfinderdescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-qm58-cvvm-c5qrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23394ghsaADVISORY
- blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilitiesghsaWEB
- blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/mitrex_refsource_MISC
- github.com/Studio-42/elFinder/commit/75ea92decc16a5daf7f618f85dc621d1b534b5e1ghsax_refsource_MISCWEB
- github.com/Studio-42/elFinder/issues/3295ghsax_refsource_MISCWEB
- github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qrghsaWEB
- snyk.io/vuln/SNYK-PHP-STUDIO42ELFINDER-1290554ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.