CVE-2023-27842
Published: 21 March 2023
Summary
CVE-2023-27842 is a high-severity Insecure Inherited Permissions (CWE-277) vulnerability in the eXtplorer file manager. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 2.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-27842 is an insecure permissions vulnerability affecting the index.php component of eXtplorer file manager version 2.1.15. The flaw carries a CVSS 3.1 score of 8.8 and is associated with CWE-277, enabling remote code execution when the component processes requests without adequate permission checks.
A remote attacker with low-privileged access can exploit the issue over the network to achieve arbitrary code execution, resulting in full confidentiality, integrity, and availability impacts on the affected installation. The current EPSS score of 0.4515, with a recorded peak of 0.4971, indicates moderate and relatively stable exploitation interest since disclosure.
Public references include a detailed technical write-up, a proof-of-concept repository, and the vendor site hosting the 2.1.15 release archive, though no explicit patch or mitigation guidance is documented in the available sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31578
Vulnerability details
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php component.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.