CVE-2021-43421

CRITICAL NUCLEI

Studio-42 elFinder <2.1.59 - RCE

Title source: llm

Description

A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.

Nuclei Templates (1)

Studio-42 elFinder <2.1.60 - Arbitrary File Upload

CRITICALVERIFIEDby akincibor

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/Studio-42/elFinder/issues/3429

[Third Party Advisory] https://twitter.com/infosec_90/status/1455180286354919425

Scores

CVSS v3 9.8

EPSS 0.7954

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

std42/elfinder 2.0.4 - 2.1.59

studio-42/elfinder 2.0.4 - 2.1.60Packagist

Published Apr 07, 2022

Tracked Since Feb 18, 2026