CVE-2012-6710

CRITICAL

eXtplorer < 2.1.2 - Unauthenticated Authentication Bypass via Empty Password Array

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6710. PoCs published by bcoles, including Metasploit module exploits/multi/http/extplorer_upload_exec.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass vulnerability in eXtplorer v2.1 to upload and execute arbitrary PHP files. It bypasses authentication by sending a malformed password parameter, then uploads a PHP payload to a writable directory and executes it.

Description

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

Exploits (1)

metasploit WORKING POC EXCELLENT
by bcoles · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/extplorer_upload_exec.rb

This Metasploit module exploits an authentication bypass vulnerability in eXtplorer v2.1 to upload and execute arbitrary PHP files. It bypasses authentication by sending a malformed password parameter, then uploads a PHP payload to a writable directory and executes it.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: eXtplorer v2.1.0 to 2.1.2 and 2.1.0RC5
No auth needed
Prerequisites: Network access to the target · Writable directory in the web root
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/57058

Scores

CVSS v3 9.8
EPSS 0.7584
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
extplorer/extplorer < 2.1.2
Published Oct 07, 2018
Tracked Since Feb 18, 2026