Attacker Value
Moderate
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

elFinder Command Injection v<2.1.48

Disclosure Date: February 26, 2019 Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran utility be installed.

Add Assessment

2
Ratings
  • Attacker Value
    Medium
  • Exploitability
    High
Technical Analysis

Details

The PHP component in the elFinder software allows unauthenticated users to upload and manipulate images.
While performing image manipulation on a JPEG, elFinder passes the file’s name unsanitized to a command line utility called exiftran.
By inserting arbitrary code into the JPEG’s file name, the code will get passed to the exiftran utility and be executed.

This exploit requires that exiftran be installed to work. If exiftran is not installed, then the software opts to use jpegtran,
which removes exploitability. Despite the caveat listed previously, this is still a valuable exploit.

General Information

Technical Analysis