CVE-2021-32682 - Server-Side Request Forgery (SSRF) vulnerability in Std42 Elfinder

047910
CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

network, low complexity, std42, CWE-918, critical

Summary

elFinder is an open-source file manager for the web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

Vulnerable Configurations

Part | Description | Count
Application | Std42 | 71

Common Weakness Enumeration (CWE)