Preauthorization Remote Code Execution (RCE) Vulnerability in Maian Cart v3.8 via Elfinder Plugin Access Control Issue

Preauthorization Remote Code Execution (RCE) Vulnerability in Maian Cart v3.8 via Elfinder Plugin Access Control Issue

CVE-2021-32172 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

Learn more about our Web Application Penetration Testing UK.