Vendor: PH Pexplorer
By: Kacper (a.k.a Rahim)
CVSS: 7.5 (HIGH)
CWE: Remote Code Execution
Product Name: PH Pexplorer
Affected Version From: PH Pexplorer version 0.24
Affected Version To: PH Pexplorer version 0.24
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
PH Pexplorer <= 0.24 (Cookie/language.php) Remote Code Execution Exploit
This exploit achieves remote code execution in PH Pexplorer version 0.24. The attacker uploads a malicious file and sets the 'Language' cookie to that file's path, after which the file is run on all script pages.
Mitigation:
To mitigate this vulnerability, users should update to a patched version of PH Pexplorer. This entry, however, records that no patch exists (Patch Exists: NO).