Home Any version before v3.15.5
affected
Any version before 3.14.6
affected
Description
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed.
Problem types
CWE-94: Improper Control of Generation of Code ('Code Injection')
Product status
References
github.com/...ommit/8ef20628f80bd88bd1fe3e5844a9116a910086b7
github.com/thexerteproject/xerteonlinetoolkits/issues/1543
www.xerte.org.uk/...-3-14-and-3-15-important-security-update