CVE-2023-27842

HIGH

eXtplorer 2.1.15 - Remote Code Execution via Insecure Permissions in index.php

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-27842. PoCs published by cowsecurity, tristao-io.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-27842, targeting eXtplorer 2.1.15. The exploit authenticates to a Joomla-based website with eXtplorer installed, uploads a PHP webshell, and executes arbitrary commands.

Description

Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent

Exploits (3)

nomisec WORKING POC 2 stars

by cowsecurity · poc

https://github.com/cowsecurity/CVE-2023-27842

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-27842, targeting eXtplorer 2.1.15. The exploit authenticates to a Joomla-based website with eXtplorer installed, uploads a PHP webshell, and executes arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: eXtplorer 2.1.15

Auth required

Prerequisites: Joomla-based website with eXtplorer extension installed · Valid credentials for authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by tristao-io · poc

https://github.com/tristao-io/CVE-2023-27842

View Code ZIP pw:eip

This PoC demonstrates an authenticated remote code execution (RCE) vulnerability in eXtplorer 2.1.15 by exploiting insecure file permissions to modify the index.php file and inject malicious PHP code.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: eXtplorer 2.1.15

Auth required

Prerequisites: Valid user credentials for eXtplorer · Access to the file editor functionality

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/tristao-marinho/cve-2023-27842

View Code ZIP pw:eip

This PoC demonstrates an authenticated remote code execution (RCE) vulnerability in eXtplorer 2.1.15 by leveraging insecure file permissions to modify the index.php file and inject malicious PHP code. The attacker can then execute arbitrary system commands via a crafted GET parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: eXtplorer 2.1.15

Auth required

Prerequisites: valid user credentials · access to the file editor in eXtplorer

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory

http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution/

Product

http://extplorer.net/

Product

http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip

Exploit, Third Party Advisory

https://github.com/tristao-marinho/CVE-2023-27842

Exploit, Third Party Advisory

https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md

Scores

CVSS v3 8.8

EPSS 0.4515

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-277

Status published

Products (1)

extplorer/extplorer 2.1.15

Published Mar 21, 2023

Tracked Since Feb 18, 2026