PT-2017-8467 · Phpxplorer · Extplorer

Hyp3Rlinx

Published

2017-04-24

Updated

2018-10-09

CVE-2016-4313

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions eXtplorer version 2.1.9

Description The issue allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file, leveraging a directory traversal vulnerability in the unzip/extract feature.

Recommendations For eXtplorer version 2.1.9, consider disabling the unzip/extract feature until a patch is available to prevent exploitation of the directory traversal vulnerability.

Exploit

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2016-4313

DLA-596-1

Affected Products

Extplorer

PT-2017-8467 · Phpxplorer · Extplorer

CVE-2016-4313

Weakness Enumeration

Related Identifiers

Affected Products

References · 10