ELFinder.Connector.Minimal.php.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit an Arbitrary File Upload vulnerability in ELFinder components.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted request. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.
Affected Products
Tiki Wiki ELFinder Version 2.0
Studio-42 ELFinder version 2.1.57 and prior
WordPress Plugin File Manager Versions 6.0-6.8
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released
https://tw.wordpress.org/plugins/wp-file-manager/
https://github.com/Studio-42/elFinder/issues/3295
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |