GHSA-338w-wpc4-3pf4CriticalCVSS 9.8

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the...

Published
July 9, 2026
Last Modified
July 9, 2026

🔗 CVE IDs covered (1)

📋 Description

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.

🔗 References (5)