CVE-2023-54335

CRITICAL

Extplorer < 2.1.14 - Missing Authentication

Title source: rule

Description

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.

Exploits (1)

exploitdb WORKING POC

by ErPaciocco · textwebappsphp

https://www.exploit-db.com/exploits/51067

View Code ZIP pw:eip

References (3)

[Product] https://extplorer.net/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51067

[Third Party Advisory] https://www.vulncheck.com/advisories/extplorer-authentication-bypass-remote-code-execution-rce

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 60.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status published

Affected Products (1)

extplorer/extplorer < 2.1.14

Timeline

Published Jan 13, 2026

Tracked Since Feb 18, 2026