
Vulnerability Details CVE-2021-44664

An authenticated remote code execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php: a maliciously crafted PHP file, disguised as a language file, can be uploaded through the project interface to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.135
EPSS Ranking 93.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2021-44664
  • Xerte » Xerte » Version: Any
    cpe:2.3:a:xerte:xerte:*

