CVE-2021-43421 Scanner
Detects 'File Upload' vulnerability in Studio-42 elFinder affects v. 2.0.4 to 2.1.59.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Domain, Ipv4
Toolbox
-
Studio-42 elFinder is an open-source web-based file manager software that is used for managing files and folders. It is designed to be integrated easily with web applications and can be customized to blend with individual websites. It offers a user-friendly interface and is compatible with all modern web browsers. The software can perform file and folder operations like copying, moving, editing, and deleting. It also provides file upload and download functionality making it easy to store and retrieve files on a server.
Recently, a vulnerability was detected in this popular file manager software, identified as CVE-2021-43421. The vulnerability is found in the connector.minimal.php file allowing remote malicious users to upload arbitrary files and execute PHP code. This vulnerability makes it possible for attackers to gain unauthorized access to a system and compromise the data stored. As a result of the vulnerability, attackers can potentially infect a victims' computer with malware, steal sensitive information and control the affected system.
Exploiting the vulnerability could lead to grave consequences. Cybercriminals can gain control of the server and execute arbitrary code or Trojan commands. The vulnerability in Studio-42 elFinder could be exploited by hackers to bypass authentication and execute arbitrary code resulting in sensitive data theft and cyber espionage. The threat is heightened as this software is very popular with different organizations, including businesses, governments and educational institutions.
By using the pro features of the securityforeveryone.com platform, it is possible to quickly and easily identify vulnerabilities in digital assets and take appropriate steps to maintain security. This platform provides vulnerability scanning for web-based applications, database servers, and network devices, with frequent updates that ensure the latest vulnerabilities are always covered. Securityforeveryone.com also provides a comprehensive vulnerability remediation strategy to ensure that vulnerabilities discovered can be mitigated effectively. Protecting digital assets is no longer just an option, it is a necessity.
REFERENCES
control security posture