![]() ![]() Researchers portray the five flaws in the chain as "innocuous bugs" that can be combined to gain arbitrary code execution. Version 2.1.59 of elFinder includes patches for the flaws. The flaws, if exploited, could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, the researchers say. The vulnerability chain affects elFinder version 2.1.58. The five vulnerabilities, tracked as a group as CVE-2021-32682, have a CVSS score of 9.8, or extremely critical. It's written in JavaScript using jQuery UI. ![]() The elFinder file manager is used in content management systems and frameworks, such as WordPress plugins or Symfony bundles, to allow easy operations on both local and remote files. ![]() See Also: OnDemand | Navigating the Difficulties of Patching OT An updated version of the manager patches the flaws. Security researchers at SonarSource discovered five vulnerabilities that create a critical vulnerability chain in elFinder, an open source web file manager. Five flaws create a critical vulnerability chain in elFinder web file manager.
0 Comments
Leave a Reply. |