CVE-2011-5005

QuiXplorer < 2.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution via index.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5005. PoCs published by PCA.

AI-analyzed exploit summary This is a writeup describing a file upload vulnerability in QuiXplorer 2.3, allowing attackers to upload malicious files by manipulating the 'action' parameter. It provides URLs and steps to exploit the vulnerability but lacks actual exploit code.

Description

Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.

Exploits (1)

exploitdb WRITEUP VERIFIED
by PCA · textwebappsphp
https://www.exploit-db.com/exploits/18118

This is a writeup describing a file upload vulnerability in QuiXplorer 2.3, allowing attackers to upload malicious files by manipulating the 'action' parameter. It provides URLs and steps to exploit the vulnerability but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: QuiXplorer 2.3
No auth needed
Prerequisites: Access to the target web application · Ability to send HTTP requests to the target
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18118
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71323

Scores

EPSS 0.0394
EPSS Percentile 89.2%

Details

Status published
Products (20)
claudio_klingler/quixplorer 1.0
claudio_klingler/quixplorer 1.1
claudio_klingler/quixplorer 1.2
claudio_klingler/quixplorer 1.4
claudio_klingler/quixplorer 1.5
claudio_klingler/quixplorer 1.6
claudio_klingler/quixplorer 2.0
claudio_klingler/quixplorer 2.1.1
claudio_klingler/quixplorer 2.2
claudio_klingler/quixplorer < 2.3
... and 10 more
Published Dec 25, 2011
Tracked Since Feb 18, 2026