Critical severity · NVD Advisory · Published Jun 14, 2021 · Updated Aug 3, 2024
Multiple vulnerabilities leading to RCE
CVE-2021-32682
Description
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| studio-42/elfinder (Packagist) | < 2.1.59 | 2.1.59 |
References
- github.com/advisories/GHSA-wph3-44rj-92pr
- nvd.nist.gov/vuln/detail/CVE-2021-32682
- packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html
- blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities
- blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/
- github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17
- github.com/Studio-42/elFinder/security/advisories/GHSA-qm58-cvvm-c5qr
- github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr