As we mentioned, the exploitation of these vulnerabilities can let an attacker execute arbitrary PHP code on the server where elFinder is installed, ultimately leading to its compromise. Findings were also confirmed on release 2.1.57 all affect the default configuration (unless specified otherwise in this article) and do not require prior authentication. We worked on the development branch, commit f9c906d.
We will also discuss some of the patches that were later implemented by the vendor to show how to prevent them in your own code. In the following case study of common code vulnerabilities in web file managers, we describe five different vulnerability chains and demonstrate how they could be exploited to gain control of the underlying server and its data. Thus, elFinder is published with a safe default configuration to prevent any malicious use by attackers.Īs part of our regular assessment of widely deployed open-source projects, we discovered multiple new code vulnerabilities in elFinder.
In the past, elFinder has been part of active in-the-wild attacks targeting unsafe configuration or actual code vulnerabilities. This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete file system and expose it to the client’s browser in a transparent way.ĮlFinder is a popular web file manager often used in CMS and frameworks, such as WordPress plugins (wp-file-manager) or Symfony bundles, to allow easy operations on both local and remote files. An application’s interaction with the file system is always highly security sensitive since minor functional bugs can easily be the source of exploitable vulnerabilities.
0 kommentar(er)
