Arbitrary Code Execution Vulnerability in Precurio 2.1 Xinha Plugin
CVE-2016-10759 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.
Learn more about our Web Application Penetration Testing UK.