Lucene search
SnykCVELIST:CVE-2021-23394HistoryJun 13, 2021 - 11:05 a.m.
CVE-2021-23394 Remote Code Execution (RCE)
2021-06-1311:05:11
snyk
www.cve.org
5
cve-2021-23394
remote code execution
studio-42/elfinder
.phar file
php parsing
.
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.023
Percentile
89.9%
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CNA Affected
[
{
"product": "studio-42/elfinder",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.1.58",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-23394
2021-06-13 11:15:14
cnvd
cnvd
Studio-42 Elfinder Remote Code Execution Vulnerability
2021-06-17 00:00:00
prion
prion
Remote code execution
2021-06-13 11:15:00
osv
osv
elFinder unsafe upload filtering leading to remote code execution
2021-06-15 15:51:02
CVE-2021-23394
2021-06-13 11:15:14
veracode
veracode
Unrestricted File Upload
2021-06-14 07:29:23
nvd
nvd
CVE-2021-23394
2021-06-13 11:15:14
github
github
elFinder unsafe upload filtering leading to remote code execution
2021-06-15 15:51:02
sonarsource
sonarsource
elFinder - A Case Study of Web File Manager Vulnerabilities
2021-08-17 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.023
Percentile
89.9%
Related for CVELIST:CVE-2021-23394