CVE-2023-27842

HIGH

eXtplorer <2.1.15 - RCE

Title source: llm

Description

Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent

Exploits (3)

nomisec WORKING POC 2 stars

by cowsecurity · poc

https://github.com/cowsecurity/CVE-2023-27842

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by tristao-io · poc

https://github.com/tristao-io/CVE-2023-27842

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/tristao-marinho/cve-2023-27842

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution/

[Product] http://extplorer.net/

[Product] http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip

[Exploit, Third Party Advisory] https://github.com/tristao-marinho/CVE-2023-27842

[Exploit, Third Party Advisory] https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md

Scores

CVSS v3 8.8

EPSS 0.3557

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-277

Status published

Products (1)

extplorer/extplorer 2.1.15

Published Mar 21, 2023

Tracked Since Feb 18, 2026