.. / CVE-2021-32682

Exploit for elFinder 2.1.58 - Remote Code Execution (CVE-2021-32682)

Description:

elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.

Nuclei Template

View the template here CVE-2021-32682.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-32682.yaml

References:

https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr
https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17
https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities
https://nvd.nist.gov/vuln/detail/CVE-2021-32682
https://smaranchand.com.np/2022/01/organization-vendor-application-security/

.. / CVE-2021-32682 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for elFinder 2.1.58 - Remote Code Execution (CVE-2021-32682)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-32682