Lucene search
K

8 matches found

WPVulnDB
WPVulnDB
added 2022/03/14 12:0 a.m.35 views

Library File Manager < 5.2.3 - Subscriber+ Arbitrary File Creation/Upload/Deletion

The plugin is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, a...

9.8CVSS0.8AI score0.69934EPSS
Exploits6Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/12/30 12:0 a.m.120 views

ElFinder File Manager Command Injection (CVE-2021-32682)

A command injection vulnerability exists in ElFinder. The vulnerability is due to insufficient validation of the file name when creating an archive...

7.5CVSS2.6AI score0.69934EPSS
Exploits5
Metasploit
Metasploit
added 2021/09/20 5:41 p.m.174 views

elFinder Archive Command Injection

elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT...

9.8CVSS9AI score0.69934EPSS
Exploits5
Rapid7 Blog
Rapid7 Blog
added 2021/09/17 7:59 p.m.150 views

Metasploit Wrap-Up

Clone your way to code execution We’ve had a busy week bringing you exploits, features, enhancements, and fixes. Exploit modules for Git and El Finder lead the pack this week with an information disclosure against Jira and a post exploitation module targeting Geutebruck white-labelled cameras to...

10CVSS0.1AI score0.99603EPSS
Exploits27
Packet Storm
Packet Storm
added 2021/09/15 12:0 a.m.1181 views

elFinder Archive Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder Archive Command Injection', 'Description' = %q elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via it...

9.8CVSS0.4AI score0.69934EPSS
Exploits5
SonarSource Blog
SonarSource Blog
added 2021/08/17 12:0 a.m.202 views

elFinder - A Case Study of Web File Manager Vulnerabilities

An application’s interaction with the file system is always highly security sensitive, since minor functional bugs can easily be the source of exploitable vulnerabilities. This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete...

7.5CVSS9.8AI score0.69934EPSS
Exploits6
OpenVAS
OpenVAS
added 2021/06/15 12:0 a.m.26 views

elFinder < 2.1.59 Multiple Vulnerabilities (GHSA-wph3-44rj-92pr)

elFinder is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:std42:elfinder"; ifdescription...

9.8CVSS8.4AI score0.69934EPSS
Exploits5References1
Circl
Circl
added 2021/06/14 8:37 p.m.48 views

CVE-2021-32682

creationtimestamp| type| source ---|---|--- 2021-06-14 20:37:46+00:00| seen| https://t.me/cibsecurity/25440 2021-08-23 12:07:01+00:00| seen| https://t.me/CyberSecurityTechnologies/4133 2021-08-30 20:03:05+00:00| seen| https://t.me/cKure/6873 2021-09-14 18:27:38+00:00| seen|...

9.8CVSS7.3AI score0.69934EPSS
Exploits5References7
Rows per page
Query Builder