CVE-2023-54335

CRITICAL EPSS 91.1%
Published Jan 13, 20265mo ago · Modified Jun 17, 20261w ago
9.3 CVSS 4.0
Critical
Find Similar
Published Jan 13, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.

CVSS Details

Base Score
9.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
91.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

Affected Products 1

VendorProductVersionRange
extplorerextplorer* ≤2.1.14

References 3

  • extplorer.net https://extplorer.net/
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/51067
    ExploitThird Party Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/extplorer-authentication-bypass-remote-code-execution-rce
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.