CVE-2017-12756
HIGHextplorer < 2.1.9 - OS Command Injection via userfile[0] Parameter
Title source: llmDescription
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://extplorer.net/news/21
Scores
CVSS v3
7.2
EPSS
0.0117
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
extplorer/extplorer
< 2.1.9
Published
Aug 09, 2017
Tracked Since
Feb 18, 2026