CVE-2023-29657

Name of the Vulnerable Software and Affected Versions eXtplorer version 2.1.15

Description The issue allows for insecure permissions, specifically through the file upload feature in the file manager. This vulnerability enables the upload of zip files that contain PHP pages, which can lead to arbitrary code execution.

Recommendations For eXtplorer version 2.1.15, consider disabling the file upload feature in the file manager until a patch is available to prevent the upload of malicious zip files. Restrict access to the file manager to minimize the risk of exploitation. Avoid using the file upload feature for zip files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.