Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-34414

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-22 Apr, 2026 | 18:32
Updated At-29 Apr, 2026 | 13:46
Rejected At-
Credits

Xerte Online Toolkits Path Traversal via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value containing directory traversal sequences to move files from project media directories to arbitrary locations on the filesystem, potentially overwriting application files, achieving stored cross-site scripting, or combining with other vulnerabilities to achieve unauthenticated remote code execution by moving PHP code files to the application root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:22 Apr, 2026 | 18:32
Updated At:29 Apr, 2026 | 13:46
Rejected At:
▼CVE Numbering Authority (CNA)
Xerte Online Toolkits Path Traversal via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value containing directory traversal sequences to move files from project media directories to arbitrary locations on the filesystem, potentially overwriting application files, achieving stored cross-site scripting, or combining with other vulnerabilities to achieve unauthenticated remote code execution by moving PHP code files to the application root.

Affected Products
Vendor
thexerteproject
Product
xerteonlinetoolkits
Repo
https://github.com/thexerteproject/xerteonlinetoolkits
Default Status
unaffected
Versions
Affected
  • 3.15.0 (semver)
  • 3.14.0 (semver)
  • 3.13.0 (semver)
  • From 0 before 02661be88cc369325ea01b508086bde7fbfec805 (git)
  • From 0 before 17e4f945fe6a3400fa88c01eda18c1075ee4a212 (git)
  • From 0 before 507d55c5e91bf9310b5b1c7fad8aebfef902ad23 (git)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
bootstrapbool
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/bootstrapbool/xerteonlinetoolkits-rce
technical-description
exploit
https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html
release-notes
https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits
product
permissions-required
https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527
issue-tracking
https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805
patch
https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212
patch
https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23
patch
https://www.vulncheck.com/advisories/xerte-online-toolkits-path-traversal-via-connector-php
third-party-advisory
Hyperlink: https://github.com/bootstrapbool/xerteonlinetoolkits-rce
Resource:
technical-description
exploit
Hyperlink: https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html
Resource:
release-notes
Hyperlink: https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits
Resource:
product
permissions-required
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527
Resource:
issue-tracking
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805
Resource:
patch
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212
Resource:
patch
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/xerte-online-toolkits-path-traversal-via-connector-php
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:22 Apr, 2026 | 19:17
Updated At:24 Apr, 2026 | 20:16

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value containing directory traversal sequences to move files from project media directories to arbitrary locations on the filesystem, potentially overwriting application files, achieving stored cross-site scripting, or combining with other vulnerabilities to achieve unauthenticated remote code execution by moving PHP code files to the application root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-22Secondarydisclosure@vulncheck.com
CWE ID: CWE-22
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/bootstrapbool/xerteonlinetoolkits-rcedisclosure@vulncheck.com
N/A
https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805disclosure@vulncheck.com
N/A
https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212disclosure@vulncheck.com
N/A
https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23disclosure@vulncheck.com
N/A
https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/xerte-online-toolkits-path-traversal-via-connector-phpdisclosure@vulncheck.com
N/A
https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkitsdisclosure@vulncheck.com
N/A
https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.htmldisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/bootstrapbool/xerteonlinetoolkits-rce
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325ea01b508086bde7fbfec805
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa88c01eda18c1075ee4a212
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b5b1c7fad8aebfef902ad23
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/xerte-online-toolkits-path-traversal-via-connector-php
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2024-49760
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.57% / 68.58%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 21:35
Updated-06 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenRefine has a path traversal in LoadLanguageCommand

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. But when doing so in versions prior to 3.8.3, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to read other JSON files on the file system. Version 3.8.3 addresses this issue.

Action-Not Available
Vendor-openrefineOpenRefine
Product-openrefineOpenRefine
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found