CVE-2021-32172 – Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)

https://notcve.org/view.php?id=CVE-2021-32172

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. Maian Cart versión v3.8, contiene una explotación de ejecución de código remota (RCE) por medio de un problema de control de acceso roto en el plugin Elfinder • https://www.exploit-db.com/exploits/50394 http://packetstormsecurity.com/files/164445/Maian-Cart-3.8-Remote-Code-Execution.html https://dreyand.github.io/maian-cart-rce https://github.com/DreyAnd/maian-cart-rce https://www.maianscriptworld.co.uk • CWE-862: Missing Authorization •