[BreachExchange] Vulnerabilities Detected in Open Source elFinder File Manager

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Aug 30 09:17:58 EDT 2021


https://www.ehackingnews.com/2021/08/vulnerabilities-detected-in-open-source.html

In elFinder, an open-source web file organizer, security researchers from
SonarSource identified five flaws that form a severe vulnerability chain.

The elFinder file manager is often used in content management systems and
frameworks like WordPress plugins and Symfony bundles to make it easier to
manage both local and remote files. It's written in JavaScript with the use
of jQuery UI.

The five flaws, termed CVE-2021-32682 as a group, have a CVSS score of 9.8,
which means they're highly dangerous. The vulnerability chain impacts
elFinder version 2.1.58.

According to the researchers, exploiting the vulnerabilities may allow an
intruder to run arbitrary code and instructions on the server hosting the
elFinder PHP connector. The vulnerabilities have been patched in elFinder
version 2.1.59. The five weaknesses in the chain are classified by
researchers as "innocuous bugs" that may be combined to acquire arbitrary
code execution.

The researchers noted, "We discovered multiple new code vulnerabilities in
elFinder and demonstrate how they could be exploited to gain control of the
underlying server and its data."

Update to the latest version:

According to Thomas Chauchefoin, the security researcher at SonarSource,
all users should immediately upgrade elFinder to the latest upgrade.

"There is no doubt these vulnerabilities will also be exploited in the wild
because exploits targeting old versions have been publicly released and the
connectors filenames are part of compilations of paths to look for when
trying to compromise websites."

While the researchers did not announce any publicly available exploits,
they claim that exploiting these issues can allow an attacker to run
arbitrary PHP code on the server where elFinder is installed, eventually
leading to its takeover. Attackers could then delete or remove any files
they want, upload PHP files, and so on.

"All these bug classes are very common in software that exposes filesystems
to users and are likely to impact a broad range of products, not only
elFinder," Chauchefoin added.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210830/93f3f597/attachment.html>


More information about the BreachExchange mailing list