CVE-2012-6710

CRITICAL

Extplorer < 2.1.2 - Authentication Bypass

Title source: rule

Description

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

Exploits (1)

metasploit WORKING POC EXCELLENT

by bcoles · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/extplorer_upload_exec.rb

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://itsecuritysolutions.org/2012-12-31-eXtplorer-v2.1-authentication-bypass-vulnerability

[Third Party Advisory] http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201212-371

[Third Party Advisory, VDB Entry] https://www.securityfocus.com/bid/57058

Scores

CVSS v3 9.8

EPSS 0.7648

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status published

Affected Products (1)

extplorer/extplorer < 2.1.2

Timeline

Published Oct 07, 2018

Tracked Since Feb 18, 2026