CVE-2021-23394

HIGH EXPLOITED NUCLEI

Std42 Elfinder < 2.1.58 - Unrestricted File Upload

Title source: rule

Description

The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

Exploits (1)

nomisec WORKING POC
by 0xnemian · poc
https://github.com/0xnemian/CVE-2021-23394

Nuclei Templates (1)

elFinder < 2.1.58 - Remote Code Execution
HIGH · VERIFIED · by 0xanis
Shodan: http.title:"elfinder"
FOFA: title="elfinder"

Scores

CVSS v3 8.1
EPSS 0.7736
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-19
CWE
CWE-434
Status published
Products (2)
std42/elfinder < 2.1.58
studio-42/elfinder 0 - 2.1.58 (Packagist)
Published Jun 13, 2021
Tracked Since Feb 18, 2026