漏洞描述
elFinder 2.1.58 is vulnerable to remote code execution. This can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
elfinder-version: elFinder 2.1.58 - Remote Code Execution
PoC代码[已公开]
id: elfinder-version
info:
name: elFinder 2.1.58 - Remote Code Execution
author: idealphase
severity: critical
description: elFinder 2.1.58 is vulnerable to remote code execution. This can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration.
remediation: The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
reference:
- https://github.com/Studio-42/elFinder/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cwe-id: CWE-77
metadata:
max-request: 2
tags: tech,elfinder,oss,discovery
http:
- method: GET
path:
- "{{BaseURL}}/js/elfinder.min.js"
- "{{BaseURL}}/js/elFinder.version.js"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "elFinder - file manager for web"
- "elFinder.prototype.version ="
condition: or
- type: status
status:
- 200
extractors:
- type: regex
group: 1
regex:
- '\* Version (.+) \('
- "elFinder.prototype.version = '([0-9.]+)';"
# digest: 4a0a00473045022100ae3e8017989709c7bc9935c2356de81dfb4b1bf2d612951857b149339b09555e0220421203d089e6cb6cf7720058b5ff80f666afe62bd83770bccd2d4f36ede54eec:922c64590222798bb761d5b6d8e72950