Security for everyone

CVE-2021-43421 Scanner

Detects 'File Upload' vulnerability in Studio-42 elFinder affects v. 2.0.4 to 2.1.59.

SCAN NOW

Short Info


Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-43421 Scanner Detail

Studio-42 elFinder is an open-source web-based file manager software that is used for managing files and folders. It is designed to be integrated easily with web applications and can be customized to blend with individual websites. It offers a user-friendly interface and is compatible with all modern web browsers. The software can perform file and folder operations like copying, moving, editing, and deleting. It also provides file upload and download functionality making it easy to store and retrieve files on a server.

Recently, a vulnerability was detected in this popular file manager software, identified as CVE-2021-43421. The vulnerability is found in the connector.minimal.php file allowing remote malicious users to upload arbitrary files and execute PHP code. This vulnerability makes it possible for attackers to gain unauthorized access to a system and compromise the data stored. As a result of the vulnerability, attackers can potentially infect a victims' computer with malware, steal sensitive information and control the affected system.

Exploiting the vulnerability could lead to grave consequences. Cybercriminals can gain control of the server and execute arbitrary code or Trojan commands. The vulnerability in Studio-42 elFinder could be exploited by hackers to bypass authentication and execute arbitrary code resulting in sensitive data theft and cyber espionage. The threat is heightened as this software is very popular with different organizations, including businesses, governments and educational institutions.

By using the pro features of the securityforeveryone.com platform, it is possible to quickly and easily identify vulnerabilities in digital assets and take appropriate steps to maintain security. This platform provides vulnerability scanning for web-based applications, database servers, and network devices, with frequent updates that ensure the latest vulnerabilities are always covered. Securityforeveryone.com also provides a comprehensive vulnerability remediation strategy to ensure that vulnerabilities discovered can be mitigated effectively. Protecting digital assets is no longer just an option, it is a necessity. 

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture