eXtplorer Information Exposure Vulnerability: World-Accessible System Directories Over HTTP

eXtplorer Information Exposure Vulnerability: World-Accessible System Directories Over HTTP

CVE-2019-7305 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian

Learn more about our Cis Benchmark Audit For Debian Linux.