CVE-2016-10759
CRITICALPrecurio 2.1 - Path Traversal and Remote Code Execution via Xinha ExtendedFileManager
Title source: llmDescription
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.ripstech.com/2016/precurio-remote-command-execution-via-xinha-plugin/
Third Party Advisory x_refsource_misc
https://demo.ripstech.com/projects/precurio_2.1
Scores
CVSS v3
9.8
EPSS
0.0365
EPSS Percentile
88.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
precurio/precurio
2.1
Published
May 24, 2019
Tracked Since
Feb 18, 2026