3 matches found
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Xerte 3.9 - Remote Code Execution RCE Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip Version: up until version 3.9 Tested on: Windows...
CVE-2021-44664
An Authenticated Remote Code Exection RCE vulnerability exists in Xerte through 3.9 in websitecode/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files...
Path traversal
An Authenticated Remote Code Exection RCE vulnerability exists in Xerte through 3.9 in websitecode/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files...