eXtplorer Authentication Bypass and Remote Code Execution Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in eXtplorer version 2.1.14, allowing attackers to log in without a password by manipulating the login request. This vulnerability can be exploited to upload malicious PHP files and execute remote commands on the affected file management system.

Impact

Exploitation of this vulnerability allows for unauthorized access to the admin panel and the ability to execute remote commands on the server via uploaded malicious PHP files.

Reproduction

To reproduce this vulnerability, intercept the login POST request to 'index.php' and remove the 'password' field before sending the request. Once logged in, upload a PHP file through the file management system which can then be executed remotely.
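For detection, the request pattern described above (a login POST to 'index.php' with no 'password' field, followed by a PHP file upload from the same client) can be searched for in request-body logs. The following Python is an added example, not code from eXtplorer or from this advisory; the JSON log layout, the 'username' field name, the extension list and the sample records are constructed assumptions.

```python
import json
from urllib.parse import parse_qs

# Constructed sample records. The JSON layout (ts, src, method, path, body,
# uploads) is an assumed WAF/proxy audit format, not an eXtplorer log.
SAMPLE_LOG = """\
{"ts": 1, "src": "192.0.2.10", "method": "POST", "path": "/files/index.php", "body": "username=admin&password=s3cret", "uploads": []}
{"ts": 2, "src": "192.0.2.11", "method": "POST", "path": "/files/index.php", "body": "username=admin&password=", "uploads": []}
{"ts": 3, "src": "203.0.113.5", "method": "POST", "path": "/files/index.php", "body": "username=admin", "uploads": []}
{"ts": 4, "src": "203.0.113.5", "method": "POST", "path": "/files/index.php", "body": "", "uploads": ["notes.txt"]}
{"ts": 5, "src": "203.0.113.5", "method": "POST", "path": "/files/index.php", "body": "", "uploads": ["report.php"]}
{"ts": 6, "src": "192.0.2.10", "method": "POST", "path": "/files/index.php", "body": "", "uploads": ["page.php"]}
"""

# Assumed list of extensions the web server would execute as PHP.
PHP_EXTS = (".php", ".phtml", ".phar")


def is_passwordless_login(rec):
    """True for a login POST to index.php whose body has no 'password' key.

    Treating 'username' as the marker of a login attempt is an assumption.
    """
    if rec["method"] != "POST" or not rec["path"].endswith("/index.php"):
        return False
    # keep_blank_values: an empty password is still a present field, which
    # is a different event from the field being removed entirely.
    fields = parse_qs(rec["body"], keep_blank_values=True)
    return "username" in fields and "password" not in fields


def detect(lines):
    """Return (ts, src, reason) alerts for the bypass and a follow-up PHP upload."""
    suspects, alerts = set(), []
    for line in filter(None, (l.strip() for l in lines)):
        rec = json.loads(line)
        src = rec["src"]
        if is_passwordless_login(rec):
            suspects.add(src)
            alerts.append((rec["ts"], src, "login-without-password-field"))
        php = [f for f in rec.get("uploads", []) if f.lower().endswith(PHP_EXTS)]
        if php and src in suspects:
            alerts.append((rec["ts"], src, "php-upload-after-bypass:" + php[0]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Only the client that sent the login without a 'password' field is flagged; the login with an empty password and the PHP upload from a normally authenticated client produce no alert.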

Added: Jan 13, 2026, 11:42 PM
Updated: Jan 13, 2026, 11:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 7.5
exploitability: 9.5
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.