PT-2014-3003 · Phpxplorer · Extplorer

Published: 2014-03-25 · Updated: 2016-12-31 · CVE-2013-5951

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

eXtplorer version 2.1.3

Description

The issue allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to various files, including application.js.php in scripts/, and admin.php, copy_move.php, functions.php, header.php, or upload.php in include/. This can be exploited by sending malicious input to these files.

Recommendations

For eXtplorer version 2.1.3, consider restricting access to the affected files (application.js.php, admin.php, copy_move.php, functions.php, header.php, and upload.php) until a patch is available. As a temporary workaround, avoid passing input to these files through PATH_INFO. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2013-5951
DSA-2882-1

Affected Products

Extplorer