CVE-2021-23394

HIGH EXPLOITED NUCLEI

elFinder < 2.1.58 - Remote Code Execution via .phar File Upload

Title source: llm

Exploitation Summary

CVE-2021-23394 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including 0xnemian. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a Docker-based reproduction setup for CVE-2021-23394, an arbitrary file execution vulnerability in elFinder. It includes vulnerable (2.1.57) and patched (2.1.66) versions of elFinder running on both Apache and Nginx, allowing for testing and verification of the vulnerability using Nuclei.

Description

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.

Exploits (1)

nomisec WORKING POC

by 0xnemian · poc

https://github.com/0xnemian/CVE-2021-23394

View Code ZIP pw:eip

This repository provides a Docker-based reproduction setup for CVE-2021-23394, an arbitrary file execution vulnerability in elFinder. It includes vulnerable (2.1.57) and patched (2.1.66) versions of elFinder running on both Apache and Nginx, allowing for testing and verification of the vulnerability using Nuclei.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: elFinder 2.1.57

No auth needed

Prerequisites: Docker · Nuclei

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

elFinder < 2.1.58 - Remote Code Execution

HIGHVERIFIEDby 0xanis

Shodan: http.title:"elfinder"

FOFA: title="elfinder"

References (5)

Core 5

Core References

Third Party Advisory x_refsource_misc

https://snyk.io/vuln/SNYK-PHP-STUDIO42ELFINDER-1290554

Third Party Advisory x_refsource_misc

https://github.com/Studio-42/elFinder

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/Studio-42/elFinder/issues/3295

Patch, Third Party Advisory x_refsource_misc

https://github.com/Studio-42/elFinder/commit/75ea92decc16a5daf7f618f85dc621d1b534b5e1

Exploit, Third Party Advisory x_refsource_misc

https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/

Scores

CVSS v3 8.1

EPSS 0.7685

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-19

CWE

CWE-434

Status published

Products (2)

std42/elfinder < 2.1.58

studio-42/elfinder 0 - 2.1.58Packagist

Published Jun 13, 2021

Tracked Since Feb 18, 2026