Vulnerability Description
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extplorer | Extplorer | <= 2.1.0 |
| Canonical | Ubuntu Linux | - |
| Debian | Debian Linux | - |
Related Weaknesses (CWE)
References
- https://launchpad.net/bugs/1822013Issue TrackingThird Party Advisory
- https://launchpad.net/bugs/1822013Issue TrackingThird Party Advisory
FAQ
What is CVE-2019-7305?
CVE-2019-7305 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2...
How severe is CVE-2019-7305?
CVE-2019-7305 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7305?
Check the references section above for vendor advisories and patch information. Affected products include: Extplorer Extplorer, Canonical Ubuntu Linux, Debian Debian Linux.