CVE-2019-7305
MEDIUMeXtplorer < 2.1.0 - Information Exposure via World-Accessible System Directories
Title source: llmDescription
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://launchpad.net/bugs/1822013
Scores
CVSS v3
5.8
EPSS
0.0183
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-552
CWE-200
Status
published
Products (1)
extplorer/extplorer
< 2.1.0
Published
Apr 10, 2020
Tracked Since
Feb 18, 2026