Home > Vulnerability Database > CVE-2021-32682

Mend.io Vulnerability Database

CVE-2021-32682

Good to know:

Date: June 14, 2021

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

Language: PHP

Severity Score

9.8

Related Resources (6)

Url: https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17

Url: https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr

Url: https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32682

Url: http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html

Url: https://www.mend.io/vulnerability-database/CVE-2021-32682

Severity Score

9.8

Weakness Type (CWE)

OS Command Injections

CWE-78

Path Traversal

CWE-22

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version 2.1.59

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32682

Good to know:

Date: June 14, 2021

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?