Critical vulnerabilities in web file manager elFinder leave servers susceptible to takeover

Critical vulnerabilities in elFinder, the popular open source web file manager, can enable unauthenticated attackers to execute arbitrary PHP code on servers hosting elFinder’s back-end PHP connector.

JavaScript-based elFinder is used to manage local and remote files in conjunction with content management systems and frameworks such as WordPress File Manager and Symfony bundles.

Security researchers have documented five vulnerability chains that combine otherwise “innocuous bugs” to forge exploit chains capable of seizing control of servers.

Other products at risk

Fortunately, the flaws were recently patched. Thomas Chauchefoin, vulnerability researcher at SonarSource, urged users to update their systems as soon as possible.

“There is no doubt these vulnerabilities will also be exploited in the wild, because exploits targeting old versions have been publicly released and the connectors filenames are part of compilations of paths to look for when trying to compromise websites,” he said in a blog post.

“Arbitrary code execution was easily demonstrated, and attackers won’t have much trouble replicating it”, he added.

Worse still, the impact potentially extends well beyond elFinder. “All these bug classes are very common in software that exposes filesystems to users, and are likely to impact a broad range of products,” explained Chauchefoin.

The flaws

All rated CVSS 9.8, the flaws include four issues affecting elFinder 2.1.58 that can enable attackers to move or delete arbitrary files, as well as argument injection and race condition bugs (CVE-2021-32682).

Versions before 2.1.58 are also affected by a remote code execution (RCE) bug that is exploited via the execution of PHP code in a .phar file – but only if the server parses .phar files as PHP (CVE-2021-23394).

All five flaws bar the race condition bug affect elFinder in its default ‘safe’ configuration, which was introduced in the wake of in-the-wild attacks targeting the application’s previous configuration, according to Chauchefoin.

The vulnerabilities were reported to the project maintainers in March and patched in version 2.1.59, which was released in June. SonarSource published technical details on August 17.

As well as updating systems, Chauchefoin advises users to enforce strong access control on the connector as an additional security control.

‘Highly security-sensitive’

Chauchefoin expressed hope that the findings from his team’s research would help “break future bug chains and reduce the risk of similar issues”.

He added: “We also learned that working with paths is not easy and that extra measures should be taken: performing additional checks in the ‘low-level’ functions, using basename() and dirname() with confidence (and knowing their limits!) and always validating user-controlled data.”
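One way to apply the path-handling advice quoted above, shown as an added PHP example that is not elFinder's or SonarSource's code: a low-level helper that confines a user-supplied path to a root directory. The function name `resolveInside()`, the extension allow-list and the sample paths are assumptions made for illustration.

```php
<?php
// Added example, not elFinder code; resolveInside() and all sample paths are hypothetical.
// basename() alone is not a traversal check: basename('..') is '..', and on
// non-Windows PHP a backslash is not treated as a separator.
function resolveInside(string $root, string $userPath, array $allowedExt = ['txt', 'png', 'pdf']): ?string
{
    // Reject empty input, NUL bytes and backslashes before any path logic.
    if ($userPath === '' || strpos($userPath, "\0") !== false || strpos($userPath, '\\') !== false) {
        return null;
    }
    $realRoot = realpath($root);
    if ($realRoot === false) {
        return null;
    }
    // Normalise lexically; the target may not exist yet (upload, rename),
    // so realpath() cannot be applied to the full path.
    $parts = [];
    foreach (explode('/', $userPath) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            return null; // no parent traversal, even if it would stay inside
        }
        $parts[] = $seg;
    }
    if ($parts === []) {
        return null;
    }
    $name = array_pop($parts);
    // Allow-list the extension so types the server may execute (.php, .phar) never land.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // Resolve the existing parent directory to catch symlinks leaving the root.
    $parent = realpath($realRoot . '/' . implode('/', $parts));
    if ($parent === false || strpos($parent . '/', $realRoot . '/') !== 0) {
        return null;
    }
    return $parent . '/' . $name;
}

// Constructed demo input: a throwaway root under the system temp directory.
$root = sys_get_temp_dir() . '/fm-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/docs', 0700, true);
foreach (['docs/report.txt', 'docs/../../x.txt', 'docs/shell.phar', '..\\x.txt'] as $p) {
    printf("%-18s => %s\n", $p, resolveInside($root, $p) ?? 'REJECTED');
}
```

The check and the file operation that follows it are separate steps, so this helper does not address race conditions. It belongs in the function that touches the disk, not only in the request handler.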

Chauchefoin suggested that web file managers remain a source of concern over security.

“An application’s interaction with the file system is always highly security sensitive, since minor functional bugs can easily be the source of exploitable vulnerabilities,” he explained.

“This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete file system and expose it to the client’s browser in a transparent way.”

Source: https://portswigger.net/daily-swig/critical-vulnerabilities-in-web-file-manager-elfinder-leave-servers-susceptible-to-takeover
