PT-2026-2425 · Extplorer · Extplorer

Erpaciocco · Published 2026-01-13 · Updated 2026-01-15 · CVE-2023-54335

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

eXtplorer version 2.1.14

Description

eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious PHP files and execute remote commands on the vulnerable file management system. The affected API endpoint is the login function, and the vulnerable parameter is the login request.

Recommendations

Apply a fix for eXtplorer version 2.1.14 to address the authentication bypass.

Exploit · Fix · RCE · Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-54335

Affected Products

Extplorer