elFinder PHP Connector < 2.1.48 - exiftran Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is...

elFinder Command Injection v<2.1.48

elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran utility be installed. Recent assessments: space-r7 at May 09, 2019 5:57pm UTC...