9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran
utility be installed.
Recent assessments:
space-r7 at May 09, 2019 5:57pm UTC reported:
The PHP component in the elFinder software allows unauthenticated users to upload and manipulate images.
While performing image manipulation on a JPEG, elFinder passes the fileβs name unsanitized to a command line utility called exiftran
.
By inserting arbitrary code into the JPEGβs file name, the code will get passed to the exiftran utility and be executed.
This exploit requires that exiftran
be installed to work. If exiftran
is not installed, then the software opts to use jpegtran
,
which removes exploitability. Despite the caveat listed previously, this is still a valuable exploit.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 4
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9194
github.com/Studio-42/elFinder/blob/master/README.md
github.com/Studio-42/elFinder/compare/6884c4f...0740028
github.com/Studio-42/elFinder/releases/tag/2.1.48
www.exploit-db.com/exploits/46481
www.exploit-db.com/exploits/46539
www.secsignal.org/news/cve-2019-9194-triggering-and-exploiting-a-1-day-vulnerability
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P