eXtplorer is prone to a local directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue by supplying directory-traversal sequences ('../') to access, write, or execute arbitrary files.
eXtplorer 2.1.9 is vulnerable; other versions may also be affected.
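The missing check is a containment test on the user-supplied path. The PHP sketch below is an added example, not eXtplorer's code or its fix: `resolve_inside()` is a hypothetical helper, and the base directory and sample names are constructed.

```php
<?php
// Added example: hypothetical helper, not eXtplorer's code.
function resolve_inside(string $baseDir, string $userPath): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('base directory does not exist');
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // Treat backslashes as separators so "..\" is handled like "../".
    $path = str_replace('\\', '/', $userPath);
    if ($path === '' || strpos($path, "\0") !== false
        || $path[0] === '/' || preg_match('/^[A-Za-z]:/', $path)) {
        throw new InvalidArgumentException('empty, absolute or NUL-containing path');
    }
    // Lexical pass: works for targets that do not exist yet (new files).
    // Any ".." segment is refused outright rather than resolved.
    $parts = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            throw new InvalidArgumentException('parent-directory segment');
        }
        $parts[] = $segment;
    }
    if (!$parts) {
        throw new InvalidArgumentException('path names no file');
    }
    $candidate = $prefix . implode(DIRECTORY_SEPARATOR, $parts);
    // Symlink pass: resolve the deepest existing ancestor and require it to stay
    // under the base; the trailing separator stops "/base_evil" matching "/base".
    $probe = $candidate;
    while (!file_exists($probe) && !is_link($probe)) {
        $probe = dirname($probe);
    }
    $real = realpath($probe);
    if ($real === false || strpos($real . DIRECTORY_SEPARATOR, $prefix) !== 0) {
        throw new RuntimeException('path resolves outside the base directory');
    }
    return $candidate;
}

// Constructed sample inputs.
foreach (['docs/report.txt', '../../etc/passwd', 'a/..\\..\\b', '/etc/passwd'] as $name) {
    try {
        echo $name, ' -> ', resolve_inside(sys_get_temp_dir(), $name), PHP_EOL;
    } catch (Exception $e) {
        echo $name, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample name is accepted. The check has to run on every name that reaches a file operation, and the returned path is the one the file operation should use.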
Exploit
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
References:
- eXtplorer Homepage (eXtplorer)
- eXtplorer v2.1.9 Archive Path Traversal (John Page aka hyp3rlinx)