Description
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
Exploits (1)
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50389
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8382
Scores
EPSS
0.0566
EPSS Percentile
90.4%
Details
Status
published
Products (1)
webfileexplorer/web_file_explorer
3.1
Published
Apr 17, 2009
Tracked Since
Feb 18, 2026