Lucene search
K

25 matches found

NVD
NVD
added yesterday8 views

CVE-2026-14261

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

9.1CVSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42583

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

9.1CVSS6.6AI score
Exploits0References3
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-14261 CVE-2026-14261

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

6.6AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-14261

CVE-2026-14261 concerns Xerte Online Toolkits where the /setup/ directory can persist after installation, allowing an unauthenticated attacker to reconfigure the application to point to a remote database and gain administrative access, enabling remote code execution. Patches fix the issue by remo...

9.1CVSS6.6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday15 views

CVE-2026-14261 CVE-2026-14261

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42582

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

9.8CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added yesterday14 views

CVE-2026-12116 CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

Exploits0References3
CVE
CVE
added yesterday11 views

CVE-2026-12116

CVE-2026-12116 affects Xerte Online Toolkits. The vulnerability allows remote code execution by editing the antivirus binary path in the tools server configuration to point to a PHP interpreter, causing any uploaded PHP data to execute. Affected product: Xerte Online Toolkits (open‑source e‑learn...

9.8CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:32 p.m.11 views

EUVD-2026-25073

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS5.8AI score0.00801EPSS
Exploits2References6
EUVD
EUVD
added 2026/04/22 9:32 p.m.9 views

EUVD-2026-25068

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.3AI score0.02826EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/04/22 6:32 p.m.32 views

CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS0.00801EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2026/04/22 6:32 p.m.5 views

CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS5.8AI score0.00801EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

Xerte Online Toolkits 安全漏洞

Xerte Online Toolkits is an online learning content creation platform provided by Xerte Ltd. in the UK. Versions of Xerte Online Toolkits 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from the elFinder connector in the /editor/elfinder/php/connector.php endpoint...

8.8CVSS6.5AI score0.02804EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Xerte Online Toolkits 路径遍历漏洞

Xerte Online Toolkits is an online learning content creation platform provided by British company Xerte. Versions of Xerte Online Toolkits 3.15 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the elFinder connector in the /editor/elfinder/php/connector.php...

7.1CVSS6.2AI score0.02826EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Xerte Online Toolkits 安全漏洞

Xerte Online Toolkits is an online learning content creation platform provided by Xerte Ltd. in the UK. Versions of Xerte Online Toolkits 3.15 and earlier contained a security vulnerability. This vulnerability stemmed from the unvalidated user-accessible /setup page, which allowed access to the...

6.9CVSS5.8AI score0.00801EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/03/20 12:6 a.m.28 views

CVE-2026-32985 Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass...

9.8CVSS0.01479EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2026/02/27 12:0 a.m.182 views

📄 Xerte Online Toolkits 3.14 Shell Upload

A vulnerability in Xerte Online Toolkits versions 3.14 and earlier allows unauthenticated users to upload arbitrary files via the template import functionality. The issue exists in /websitecode/php/import/import.php. Due to missing authentication checks on the import endpoint, an attacker can...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.141 views

📄 Xerte Online Toolkits 3.14 Import Language Shell Upload

This Metasploit module exploits an authentication bypass allowing arbitrary file upload in Xerte Online Toolkits versions 3.14 of and earlier to upload and execute a shell. This module requires Metasploit: https://metasploit.com/download Current source:...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.141 views

📄 Xerte Online Toolkits 3.14 Upload Image Shell Upload

This Metasploit module exploits the user template file import functions unrestricted file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. This targets editor/uploadImage.php. This has only been tested in implementations where the authentication type is Db...

5.6AI score
Exploits0
Patchstack
Patchstack
added 2016/07/27 12:0 a.m.11 views

WordPress Xerte Online Plugin <= 0.35 - File Upload

This plugin is prone to a file upload vulnerability. Solution Update plugin...

2.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder