CVE-2011-5005

Claudio Klingler Quixplorer < 2.3 - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory.

Exploits (1)

exploitdb WRITEUP VERIFIED

by PCA · textwebappsphp

https://www.exploit-db.com/exploits/18118

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18118

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/71323

Scores

EPSS 0.0612

EPSS Percentile 90.9%

Details

Status published

Products (20)

claudio_klingler/quixplorer 1.0

claudio_klingler/quixplorer 1.1

claudio_klingler/quixplorer 1.2

claudio_klingler/quixplorer 1.4

claudio_klingler/quixplorer 1.5

claudio_klingler/quixplorer 1.6

claudio_klingler/quixplorer 2.0

claudio_klingler/quixplorer 2.1.1

claudio_klingler/quixplorer 2.2

claudio_klingler/quixplorer < 2.3

... and 10 more

Published Dec 25, 2011

Tracked Since Feb 18, 2026