PT-2026-2425 · Extplorer · Extplorer

Erpaciocco · Published 2026-01-13 · Updated 2026-01-15 · CVE-2023-54335

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

eXtplorer version 2.1.14

Description

eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious PHP files and execute remote commands on the vulnerable file management system. The vulnerability is exploitable via manipulation of the login process. The affected API endpoint is the login function. The vulnerable parameter is the login request.

Recommendations

Apply a fix for eXtplorer version 2.1.14 to address the authentication bypass.

Exploit · Fix · RCE · Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-54335

Affected Products

Extplorer