Insecure Permissions in eXtplorer 2.1.15: Arbitrary Code Execution via File Upload

Insecure Permissions in eXtplorer 2.1.15: Arbitrary Code Execution via File Upload

CVE-2023-29657 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions.

Learn more about our Web Application Penetration Testing UK.