elFinder Commands Injection (CVE-2021-32682)
elFinder ZIP Arguments Injection Leads to Commands Injection (CVE-2021-32682)

Some POCs for CVE-2021-32682

Usage

Since the vulnerability is a command injection, we can write a web shell to a PHP file. This relies on the server executing PHP.

1. Create file 1txt
2. Right-click 'Create archive' -> 'Zip archive'
3. Rename archive to '2zip'

Ex
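The defensive counterpart to the argument injection named above, as an added example that is not elFinder's code or its fix: it assumes the archiver is the Info-ZIP `zip` binary, and the helper names `safe_archive_name` and `build_zip_argv` are hypothetical.

```php
<?php
// Added example, not elFinder code. Helper names and the allow-list are assumptions.

/**
 * Accept only a plain file name: no path separators, no leading dash
 * (which zip would parse as an option), and a conservative character set.
 */
function safe_archive_name(string $name): string
{
    if (basename($name) !== $name) {
        throw new InvalidArgumentException('path separators are not allowed');
    }
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_. -]{0,127}\z/', $name)) {
        throw new InvalidArgumentException('unsupported characters or leading dash');
    }
    return $name;
}

/**
 * Build the argument vector for zip. Every user-controlled value is prefixed
 * with "./" so it can never begin with "-", and "--" ends option parsing.
 * Pass the returned array to proc_open() (PHP 7.4+ accepts an array command
 * and runs it without a shell), so shell metacharacters are never interpreted.
 */
function build_zip_argv(string $archive, array $files): array
{
    $argv = ['zip', '-q', '-r', '--', './' . safe_archive_name($archive)];
    foreach ($files as $file) {
        $argv[] = './' . safe_archive_name($file);
    }
    return $argv;
}

// Constructed sample inputs: one ordinary name, one option-like name, one path.
foreach (['2.zip', '-x.zip', 'a/b.zip'] as $candidate) {
    try {
        echo implode(' ', build_zip_argv($candidate, ['1.txt'])), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected {$candidate}: {$e->getMessage()}", PHP_EOL;
    }
}
```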