cve/2021/CVE-2021-32172.md

CVE-2021-32172

Description

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

POC

Reference

• http://packetstormsecurity.com/files/164445/Maian-Cart-3.8-Remote-Code-Execution.html
• https://dreyand.github.io/maian-cart-rce/
• https://github.com/DreyAnd/maian-cart-rce

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates