AttackerKBAKB:CA9335F6-B89E-4233-B4E4-8E3099AAEE8FelFinder Command Injection v<2.1.48
0.965 High
EPSS
Percentile
99.6%
elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran utility be installed.
Recent assessments:
space-r7 at May 09, 2019 5:57pm UTC reported:
Details
The PHP component in the elFinder software allows unauthenticated users to upload and manipulate images.
While performing image manipulation on a JPEG, elFinder passes the fileβs name unsanitized to a command line utility called exiftran.
By inserting arbitrary code into the JPEGβs file name, the code will get passed to the exiftran utility and be executed.
This exploit requires that exiftran be installed to work. If exiftran is not installed, then the software opts to use jpegtran,
which removes exploitability. Despite the caveat listed previously, this is still a valuable exploit.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 4
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9194
github.com/Studio-42/elFinder/blob/master/README.md
github.com/Studio-42/elFinder/compare/6884c4f...0740028
github.com/Studio-42/elFinder/releases/tag/2.1.48
www.exploit-db.com/exploits/46481
www.exploit-db.com/exploits/46539
www.secsignal.org/news/cve-2019-9194-triggering-and-exploiting-a-1-day-vulnerability
Related
