HTTP: Studio-42 elFinder elFinderVolumeDriver Command Injection
This signature detects attempts to exploit a known vulnerability against Studio-42. A successful attack can lead to arbitrary code execution.
Extended Description
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
Affected Products
Std42 elfinder
Short Name
HTTP:CTS:STUDIO-42-EFVD-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-32682 Command Injection Studio-42 elFinder elFinderVolumeDriver
Release Date
09/27/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3422
False Positive
Unknown
Vendors
Std42
CVSS Score
7.5