CVE-2023-54335

CRITICAL 9.8

eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system.

CWE	CWE-306
Vendor	extplorer
Product	extplorer
Published	Jan 13, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for extplorer extplorer

Be the first to know when new critical vulnerabilities affecting extplorer extplorer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Extplorer / eXtplorer

0 ≤ 2.1.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51067 extplorer.net: https://extplorer.net/ vulncheck.com: https://www.vulncheck.com/advisories/extplorer-authentication-bypass-remote-code-execution-rce

Credits

ErPaciocco