Arbitrary Code Execution Vulnerability in Precurio 2.1 Xinha Plugin

Arbitrary Code Execution Vulnerability in Precurio 2.1 Xinha Plugin

CVE-2016-10759 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.

Learn more about our Web Application Penetration Testing UK.