Vulnerabilities > Extplorer

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-40628 Cross-site Scripting vulnerability in Extplorer 1.0.0/2.1.5
A reflected XSS vulnerability was discovered in the Extplorer component for Joomla.
network
low complexity
extplorer CWE-79
6.1
2023-05-12 CVE-2023-29657 Unrestricted Upload of File with Dangerous Type vulnerability in Extplorer 2.1.15
eXtplorer 2.1.15 is vulnerable to Insecure Permissions.
network
low complexity
extplorer CWE-434
8.8
2023-03-21 CVE-2023-27842 Unspecified vulnerability in Extplorer 2.1.15
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent
network
low complexity
extplorer
8.8
2023-01-05 CVE-2019-25096 Cross-site Scripting vulnerability in Extplorer
A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic.
network
low complexity
extplorer CWE-79
6.1
2023-01-05 CVE-2019-25097 Path Traversal vulnerability in Extplorer
A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical.
network
low complexity
extplorer CWE-22
critical
9.8
2023-01-05 CVE-2019-25098 Path Traversal vulnerability in Extplorer
A vulnerability was found in soerennb eXtplorer up to 2.1.12.
network
low complexity
extplorer CWE-22
critical
9.8
2020-04-10 CVE-2019-7305 Files or Directories Accessible to External Parties vulnerability in Extplorer 1.0.0/2.0.0/2.1.0
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP.
network
low complexity
extplorer CWE-552
critical
9.8
2018-10-07 CVE-2012-6710 Improper Authentication vulnerability in Extplorer
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.
network
low complexity
extplorer CWE-287
critical
9.8
2017-08-09 CVE-2017-12756 Command Injection vulnerability in Extplorer
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.
network
low complexity
extplorer CWE-77
7.2
2017-04-24 CVE-2016-4313 Path Traversal vulnerability in Extplorer 2.1.9
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a ..
local
low complexity
extplorer CWE-22
7.8