Home Any version before 3.14.6
affected
Any version before 3.15.5
affected
Description
A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control.
Problem types
CWE-288: Authentication Bypass Using an Alternate Path or Channel
Product status
References
github.com/thexerteproject/xerteonlinetoolkits/issues/1532
github.com/...ommit/8fec6602e80c5d35903d65e65b65b794297d8e90
www.xerte.org.uk/...-3-14-and-3-15-important-security-update