2.1.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

extplorer

CWE-552

critical

NVD

Published: 2020-04-10

Updated: 2021-09-13

Summary

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian

Vulnerable Configurations

Part	Description	Count
Application	Extplorer Extplorer Extplorer - Extplorer Extplorer 1.0.0 Extplorer Extplorer 2.0.0 Extplorer Extplorer 2.1.0	20
OS	Canonical Canonical Ubuntu Linux -	1
OS	Debian Debian Debian Linux -	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://launchpad.net/bugs/1822013