← back
CVE-2016-10759

CVE-2016-10759

EPSS 3.7%
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.ripstech.com/2016/precurio-remote-command-execution-via-xinha-plugin/https://demo.ripstech.com/projects/precurio_2.1