CVE-2021-32682

CRITICAL NUCLEI

elFinder < 2.1.59 - Remote Code Execution via Archive Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-32682. PoCs published by Thomas Chauchefoin, Shelby Pace, including Metasploit module exploits/linux/http/elfinder_archive_cmd_injection. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in elFinder versions below 2.1.59 via the archive functionality. It bypasses `escapeshellarg()` sanitization by injecting the `-TmTT` argument into the `name` parameter, allowing arbitrary command execution as the `www-data` user.

Description

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Thomas Chauchefoin, Shelby Pace · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/elfinder_archive_cmd_injection.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in elFinder versions below 2.1.59 via the archive functionality. It bypasses `escapeshellarg()` sanitization by injecting the `-TmTT` argument into the `name` parameter, allowing arbitrary command execution as the `www-data` user.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: elFinder < 2.1.59

No auth needed

Prerequisites: Access to elFinder's connector endpoint · Ability to upload files and create archives

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

elFinder 2.1.58 - Remote Code Execution

CRITICALby smaranchand

References (4)

Core 4

Core References

Third Party Advisory x_refsource_confirm

https://github.com/Studio-42/elFinder/security/advisories/GHSA-wph3-44rj-92pr

Patch, Third Party Advisory x_refsource_misc

https://github.com/Studio-42/elFinder/commit/a106c350b7dfe666a81d6b576816db9fe0899b17

View Patch ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/164173/elFinder-Archive-Command-Injection.html

Exploit, Third Party Advisory x_refsource_misc

https://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities/

Scores

CVSS v3 9.8

EPSS 0.9277

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22 CWE-78 CWE-918

Status published

Products (2)

std42/elfinder < 2.1.59

studio-42/elfinder 0 - 2.1.59Packagist

Published Jun 14, 2021

Tracked Since Feb 18, 2026