GHSA-338w-wpc4-3pf4CriticalCVSS 9.8
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the...
🔗 CVE IDs covered (1)
📋 Description
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-12116
- https://github.com/thexerteproject/xerteonlinetoolkits/issues/1543
- https://github.com/thexerteproject/xerteonlinetoolkits/commit/8ef20628f80bd88bd1fe3e5844a9116a910086b7
- https://www.xerte.org.uk/index.php/en/news/blog/80-news/364-xerte-3-14-and-3-15-important-security-update
- https://github.com/advisories/GHSA-338w-wpc4-3pf4