elFinder Command Injection Vulnerability in Resize Background Parameter Allowing Arbitrary Command Execution
Vulnerability
A command injection vulnerability exists in elFinder versions prior to 2.1.67. The 'resize' command accepts a 'bg' (background colour) parameter from the client request and, when image processing is performed with the ImageMagick CLI backend (the `convert` command-line tool), interpolates that value into a shell command string without adequate escaping. An attacker who can invoke 'resize' can therefore inject shell metacharacters into the command line and execute arbitrary commands with the privileges of the web server process.
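The following added example is illustrative code written for this page, not elFinder's own source. It shows the unsafe pattern described above (a user-supplied 'bg' value interpolated verbatim into an ImageMagick `convert` command line) next to a hardened version that allow-lists the colour syntax and then quotes the argument with escapeshellarg(). The function names, the argument layout of the command line, and the sample payload are assumptions for illustration; both builders return the command string instead of executing it so the block runs harmlessly.

```php
<?php
// Added illustrative example; not elFinder's own code. Function names and the
// exact `convert` invocation are assumed for illustration.

// VULNERABLE pattern: shell metacharacters in $bg reach the shell unchanged.
// Double quotes do not help, because an attacker simply closes them.
function build_resize_cmd_vulnerable(string $src, string $dst, int $w, int $h, string $bg): string
{
    return "convert \"$src\" -background \"$bg\" -resize {$w}x{$h} \"$dst\"";
}

// Hardened, step 1: accept only a strict colour syntax (#RGB, #RRGGBB, or the
// ImageMagick keywords 'none'/'transparent'); anything else is rejected.
function validate_bg_color(string $bg): ?string
{
    if (preg_match('/^#([0-9a-f]{3}|[0-9a-f]{6})$/i', $bg)) {
        return $bg;
    }
    if (in_array(strtolower($bg), ['none', 'transparent'], true)) {
        return strtolower($bg);
    }
    return null;
}

// Hardened, step 2: even an allow-listed value is passed through
// escapeshellarg(), so the argument can never break out of its quoting if the
// allow-list is relaxed later. Numeric parameters are cast to int.
function build_resize_cmd_hardened(string $src, string $dst, int $w, int $h, string $bg): string
{
    $color = validate_bg_color($bg);
    if ($color === null) {
        throw new InvalidArgumentException('invalid background colour');
    }
    return 'convert ' . escapeshellarg($src)
         . ' -background ' . escapeshellarg($color)
         . ' -resize ' . (int) $w . 'x' . (int) $h
         . ' ' . escapeshellarg($dst);
}

// Dry run with a constructed attacker-style value: the command strings are
// printed, never executed.
$payload = '#fff"; id; "';

echo "vulnerable: ", build_resize_cmd_vulnerable('in.png', 'out.png', 100, 100, $payload), PHP_EOL;

try {
    echo "hardened:   ", build_resize_cmd_hardened('in.png', 'out.png', 100, 100, $payload), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo "hardened:   rejected (", $e->getMessage(), ")", PHP_EOL;
}

echo "hardened:   ", build_resize_cmd_hardened('in.png', 'out.png', 100, 100, '#fff'), PHP_EOL;
```

With the constructed payload, the vulnerable builder produces a command line in which the attacker's first double quote closes the -background argument, the following `;` ends the `convert` command, and `id` runs as a separate command under the web server account. The hardened builder refuses the value outright; a legitimate value such as '#fff' is emitted inside single quotes, where the shell performs no interpretation. Validating first and quoting second is deliberate: escapeshellarg() alone would stop the injection, but a strict allow-list also keeps unexpected ImageMagick colour syntaxes out of the command line.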
Impact
Successful exploitation gives the attacker arbitrary command execution on the server with the same privileges as the web server process. From there the attacker can read or modify any data that account can access, including the files elFinder manages, and use the host as a foothold for further attacks.
Remediation
Upgrade to elFinder version 2.1.67 or later. If an immediate upgrade is not possible, reduce exposure with one or more of the following: disable the 'resize' command in the connector configuration; avoid the ImageMagick CLI backend by configuring the GD or Imagick PHP extension for image processing (the vulnerable code path is only reached when the CLI backend is used); and restrict connector access to trusted, authenticated users. These workarounds reduce the attack surface but do not remove the underlying bug.
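The following added example sketches the connector-side mitigations in an elFinder PHP connector configuration. It is not elFinder's own code or documentation: the root options 'disabled' and 'imgLib' (with the values 'gd', 'imagick' and 'convert') are used here as the editor understands elFinder's volume options, and the include paths, filesystem path and URL are placeholders. Verify the option names against the elFinder documentation for the version in use.

```php
<?php
// Added example of a connector configuration applying the workarounds
// described above; not elFinder's own code. Include paths, the root path and
// the URL are placeholders; option names are assumed from elFinder's
// documented volume options and should be checked for your version.
require_once __DIR__ . '/php/autoload.php';

$opts = array(
    'roots' => array(
        array(
            'driver' => 'LocalFileSystem',
            'path'   => '/var/www/files/',
            'URL'    => '/files/',

            // Workaround 1: do not expose the affected command at all.
            // The client will no longer be offered image resizing on this root.
            'disabled' => array('resize'),

            // Workaround 2: never shell out to the ImageMagick CLI ('convert').
            // 'gd' uses the GD extension; 'imagick' uses the Imagick PHP
            // extension. Neither builds a shell command line.
            'imgLib' => 'gd',
        ),
    ),
);

$connector = new elFinderConnector(new elFinder($opts));
$connector->run();
```

Applying both options is stronger than either alone: disabling 'resize' removes the entry point, and forcing a non-CLI image library removes the shell invocation even if another command were later found to reach the same code. Restricting who can reach the connector at all (web server authentication in front of the connector script) is still the first line of defence until the upgrade is in place.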
