CVE-2023-27842
📋 TL;DR
This vulnerability lets a remote attacker execute arbitrary code on systems running eXtplorer File Manager version 2.1.15, due to insecure permissions in its index.php entry point. Any organization running this version of the web-based file manager is affected. Successful exploitation yields code execution as the web server user, which in practice means full compromise of the web host.
💻 Affected Systems
- eXtplorer File Manager 2.1.15
📦 What is this software?
eXtplorer is a PHP-based web file manager (usable standalone or as a Joomla component) that lets users browse, upload, edit, rename and change permissions on server-side files through a browser.
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining full control over the server, data exfiltration, lateral movement to other systems, and persistent backdoor installation.
Likely Case
Web server compromise leading to data theft, website defacement, cryptocurrency mining, or use as part of a botnet.
If Mitigated
Limited impact if the instance is unreachable from untrusted networks, a web application firewall blocks the upload and execution path, and the web server runs under least privilege (no write access outside the intended data directory, no lateral credentials on the host).
🎯 Exploit Status
Proof-of-concept exploit code is publicly available on GitHub (see References). The exploitation steps are simple and easily scripted; the PoC README documents the exact preconditions, so treat any 2.1.15 instance reachable from an untrusted network as exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: http://extplorer.net/
Restart Required: No
Instructions:
1. Before removal, review the installation and any directories it could write to for attacker-placed PHP files; if you find any, treat the host as compromised and preserve a copy for forensics
2. Remove eXtplorer 2.1.15 completely from all systems
3. Consider alternative file management solutions
4. If eXtplorer is required, monitor the vendor site for security updates
🔧 Temporary Workarounds
Remove vulnerable component (linux)
Completely uninstall eXtplorer 2.1.15 from all web servers. Take a copy first if you need it for forensics, since the directory may hold attacker-uploaded files.
rm -rf /path/to/extplorer/installation
Restrict access with web server rules (all)
Block all access to eXtplorer directories using web server configuration. Note that a .htaccess rule only takes effect if AllowOverride permits it for that directory; putting the rule in the main server config avoids that dependency.
# Apache 2.4 (.htaccess or <Directory> block): Require all denied
# Apache 2.2: Deny from all
# Nginx (prefix match, so every path below it is covered): location ^~ /extplorer/ { deny all; }
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems
- Deploy web application firewall with RCE protection rules
🔍 How to Verify
Check if Vulnerable:
Check whether eXtplorer version 2.1.15 is installed by reading the version shown in the web interface and by searching the installation files for the version string. A negative grep does not prove absence (the string may live in a file outside the directory you searched), so also locate every eXtplorer directory under the web root.
Check Version:
grep -rn '2\.1\.15' /path/to/extplorer/
find /var/www -iname '*extplorer*' -type d
Verify Fix Applied:
Confirm eXtplorer 2.1.15 has been completely removed from the system, that requests to its former path return 403 or 404 from the web server, and that no PHP files remain in any directory it could write to.
📡 Detection & Monitoring
Log Indicators:
- POST requests to eXtplorer's index.php with a file-changing action (upload, edit, rename, chmod) from unexpected clients, especially without a preceding legitimate login
- File upload attempts to eXtplorer directories
- Requests for newly created .php files beneath the eXtplorer path, or for any script carrying command-style query parameters (cmd=, exec=, system=): this is the webshell stage that follows the upload. Web logs record the request, not the command that ran, so confirm with process or auditd data on the host
Network Indicators:
- Outbound connections from the web server to suspicious IPs (reverse shells, miner pools, C2)
- Unusual traffic patterns to/from eXtplorer paths
SIEM Query (pseudo-syntax; field names are placeholders for your log schema):
source="web_logs" AND uri="*/extplorer/*" AND ((method="POST" AND uri="*index.php*action=*") OR uri="*cmd=*" OR uri="*exec=*" OR uri="*system=*")
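The log indicators above are easier to act on as a correlation than as single matches: a client that issues a file-changing POST to index.php and then requests a PHP file that did not exist before is showing the upload-then-execute sequence. The script below is an added example, not code from this advisory, the PoC or the eXtplorer project. It assumes eXtplorer is served under /extplorer/ (adjustable via `prefix`), that index.php takes an `action` query parameter whose file-changing values include upload/edit/rename/chmod/mkitem (verify against your deployment), and it runs over constructed log lines embedded in the file.

```python
"""Added example: flag the eXtplorer upload-then-execute pattern in web access logs.

Not code from the advisory, the PoC, or the eXtplorer project. Assumptions:
eXtplorer is served under /extplorer/ (change `prefix`), index.php takes an
`action` query parameter whose file-changing values include
upload/edit/rename/chmod/mkitem (verify against your deployment), and the
log lines in SAMPLE_LOG are constructed for this demo."""
import re
from urllib.parse import urlsplit, parse_qs

# Apache/Nginx common or combined log format:
# ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# index.php actions that create or modify files (assumed names, see docstring).
FILE_CHANGING_ACTIONS = {"upload", "edit", "rename", "chmod", "mkitem"}
# Query parameter names that dropped webshells commonly use to receive commands.
SHELL_PARAMS = {"cmd", "c", "exec", "system", "command"}

# Constructed sample log: a legitimate login, then one client that uploads a
# file and immediately calls a new PHP file under the eXtplorer path.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2023:10:00:01 +0000] "GET /extplorer/index.php HTTP/1.1" 200 5123',
    '10.0.0.5 - - [01/Mar/2023:10:00:05 +0000] "POST /extplorer/index.php?action=login HTTP/1.1" 200 300',
    '203.0.113.9 - - [01/Mar/2023:10:01:02 +0000] "POST /extplorer/index.php?action=upload&dir=%2F HTTP/1.1" 200 412',
    '203.0.113.9 - - [01/Mar/2023:10:01:10 +0000] "GET /extplorer/files/shell.php?cmd=id HTTP/1.1" 200 89',
    '192.0.2.1 - - [01/Mar/2023:10:02:00 +0000] "GET /blog/index.php?p=3 HTTP/1.1" 200 8000',
]


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    return rec


def analyse(lines, prefix="/extplorer/"):
    """Return (findings, chains).

    findings: one dict per suspicious request, in log order:
      kind == "file_change": POST to index.php with a file-changing action
      kind == "direct_php":  request for a .php file under the prefix other than
                             index.php (detail lists any command-style parameters)
    chains: client IPs that did a file_change and then a direct_php, i.e. the
    upload-then-execute sequence that turns the permissions flaw into RCE.
    """
    prefix = prefix.lower()
    entry = prefix + "index.php"
    findings, changed_by, chains = [], set(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        if not path.startswith(prefix):
            continue  # not an eXtplorer request
        q = rec["query"]
        action = q.get("action", [""])[0].lower()
        if path == entry and rec["method"] == "POST" and action in FILE_CHANGING_ACTIONS:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "kind": "file_change", "detail": action})
            changed_by.add(rec["ip"])
        elif path.endswith(".php") and path != entry:
            shell_args = sorted(SHELL_PARAMS & set(q))
            detail = rec["path"] + (" params=" + ",".join(shell_args) if shell_args else "")
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "kind": "direct_php", "detail": detail})
            if rec["ip"] in changed_by:
                chains.add(rec["ip"])
    return findings, sorted(chains)


if __name__ == "__main__":
    found, chained = analyse(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['ip']:<15} {f['kind']:<12} {f['detail']}")
    print("upload-then-execute chains:", chained or "none")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; the ordinary login POST and the unrelated /blog/ request are ignored, the upload from 203.0.113.9 and its follow-up call to shell.php?cmd=id are both reported, and that IP is listed as a chain. A `direct_php` hit without a preceding `file_change` is still worth a look, since the upload may have arrived through a log you are not scanning.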
🔗 References
- http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution/
- http://extplorer.net/
- http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip
- https://github.com/tristao-marinho/CVE-2023-27842
- https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md