CVE-2021-23394 Scanner
CVE-2021-23394 Scanner - Remote Code Execution (RCE) vulnerability in elFinder
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 21 hours
Scan only one: Domain, Subdomain, IPv4
elFinder is an open-source file manager used for web platforms to manage files within web browsers. Developed by Studio-42, it's particularly popular among developers and administrators who require a feature-rich, customizable file manager script. Serving a wide array of industries, from web hosting services to individual developers, elFinder provides versatile operations directly within a web environment. The software supports multiple languages and operations, including drag-and-drop, archives, previewing, and editing files directly on the server. The application is implemented in various server environments and is compatible with most modern browsers, thereby accommodating diverse user needs and workflows.
This vulnerability pertains to a critical Remote Code Execution (RCE) flaw in elFinder, allowing attackers to execute arbitrary PHP code on the server. It specifically affects versions before 2.1.58, exploiting the parsing of .phar files to inject malicious code. The vulnerability arises from the server's ability to incorrectly treat .phar files as PHP executable code. This kind of exposure can lead to unauthorized access and potentially full server compromise if exploited by malicious entities. The flaw exists due to improper input validation, which highlights the need for users to update to secure versions promptly.
The vulnerability stems from the exploitable parsing of .phar files as PHP code on susceptible versions of elFinder. A notable vulnerable endpoint is the file upload feature, where the absence of adequate validation for certain file types allows arbitrary code execution. Specific parameters in the application's file management, such as using PHP within .phar files, act as the primary vulnerability vectors, especially in environments where server configurations parse these files as PHP. Through HTTP requests that manipulate file creation and content, attackers are capable of injecting malicious commands effectively. The flaw underscores the importance of meticulous server-side input validation to preemptively safeguard applications.
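An asset owner can check both conditions described above on their own host: whether the installed elFinder version predates 2.1.58, and whether the Apache configuration hands `.phar` files to PHP. The following is an added example, not code from this page or from the elFinder project; the function names and the two configuration samples are constructed for illustration, and it assumes the `FilesMatch` patterns are simple enough to be evaluated by Python's `re` module.

```python
import re

FIXED = (2, 1, 58)  # per the page: versions before 2.1.58 are affected

def is_affected(version):
    """True if an elFinder version string is older than 2.1.58."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED

def phar_runs_as_php(conf, probe="upload.phar"):
    """Return the Apache directives in `conf` that map `probe` to a PHP handler."""
    hits = []
    pattern = None  # regex of the <FilesMatch> block currently open, if any
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<FilesMatch\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            pattern = opened.group(1)
        elif re.match(r"</FilesMatch>", line, re.I):
            pattern = None
        elif re.match(r"SetHandler\s", line, re.I) and pattern:
            # Handler set inside a FilesMatch block whose regex matches the probe name
            if re.search("php", line, re.I) and re.search(pattern, probe):
                hits.append(f"FilesMatch {pattern} -> {line}")
        elif re.match(r"(AddHandler|AddType)\s", line, re.I):
            # Extension-based mapping that lists .phar next to a PHP handler or type
            if re.search("php", line, re.I) and re.search(r"\.phar\b", line, re.I):
                hits.append(line)
    return hits

# Constructed sample: a handler block whose regex also covers .phar
BROAD_CONF = r'''
<FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
'''

# Constructed sample: only .php is executed, .phar is served as plain text
NARROW_CONF = r'''
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
AddType text/plain .phar
'''

if __name__ == "__main__":
    print(is_affected("2.1.57"), phar_runs_as_php(BROAD_CONF))
    print(is_affected("2.1.58"), phar_runs_as_php(NARROW_CONF))
```

A host is exposed in the way the page describes only when both checks are positive; narrowing the handler pattern removes the execution path even before the upgrade is applied.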
Exploitation of this vulnerability could lead to severe consequences, including unauthorized access and full control over the affected server by malicious entities. Successful execution of arbitrary code may result in the theft of sensitive data, insertion of backdoors for future attacks, and system downtime or disruptions. This could further lead to lateral attacks within a network, compromising additional systems if not contained promptly. Businesses and individuals relying on affected elFinder versions must either update or adopt alternative protective measures to mitigate such risks. The importance of swift troubleshooting and patching cannot be overstated in maintaining the integrity and security of computing environments.