4/5/2023

Elfinder web file manager

Immediate triage urged as researchers warn in-the-wild exploitation likely

UPDATED Critical vulnerabilities in elFinder, the popular open source web file manager, can enable unauthenticated attackers to execute arbitrary PHP code on servers hosting elFinder’s back-end PHP connector.

Security researchers have documented five vulnerability chains that combine otherwise “innocuous bugs” to forge exploit chains capable of seizing control of servers.

Fortunately, the flaws were recently patched.

Thomas Chauchefoin, vulnerability researcher at SonarSource, urged users to update their systems as soon as possible.

“There is no doubt these vulnerabilities will also be exploited in the wild, because exploits targeting old versions have been publicly released and the connectors filenames are part of compilations of paths to look for when trying to compromise websites,” he said in a blog post.

“Arbitrary code execution was easily demonstrated, and attackers won’t have much trouble replicating it”, he added.

Worse still, the impact potentially extends well beyond elFinder.