Cyber Resilience

CVE-2023-27842

High · Public PoC

Published: 21 March 2023

Modified: 26 February 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.4515 (97.7th percentile)
Risk Priority: 45 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27842 is a high-severity Insecure Inherited Permissions (CWE-277) vulnerability in the eXtplorer file manager (vendor: Extplorer). Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 2.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-27842 is an insecure permissions vulnerability affecting the index.php component of eXtplorer file manager version 2.1.15. The flaw carries a CVSS 3.1 score of 8.8 and is associated with CWE-277, enabling remote code execution when the component processes requests without adequate permission checks.

A remote attacker with low-privileged access can exploit the issue over the network to achieve arbitrary code execution, resulting in full confidentiality, integrity, and availability impacts on the affected installation. The current EPSS score of 0.4515, with a recorded peak of 0.4971, indicates moderate and relatively stable exploitation interest since disclosure.

Public references include a detailed technical write-up, a proof-of-concept repository, and the vendor site hosting the 2.1.15 release archive, though no explicit patch or mitigation guidance is documented in the available sources.

EU & UK References

Vulnerability details

Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php component.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

extplorer
extplorer
2.1.15

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References