Path traversal
An Authenticated Remote Code Exection RCE vulnerability exists in Xerte through 3.9 in websitecode/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files...