CVE-2026-32985

Xerte · Xerte Online Toolkits

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability, enabling remote code execution via malicious ZIP archives.

Executive summary

Unauthenticated attackers can execute arbitrary code on the host server by exploiting a file upload vulnerability in Xerte Online Toolkits.

Vulnerability

This is an unauthenticated arbitrary file upload vulnerability located in the template import functionality (import.php). Attackers can bypass authentication checks to upload a crafted ZIP archive containing PHP payloads, which are then extracted to a web-accessible directory for execution.

Business impact

Successful exploitation allows an attacker to gain unauthorized shell access to the web server. This leads to the potential for complete data exfiltration, system downtime, and long-term persistence within the environment. The CVSS score of 9.8 indicates a critical risk to any organization hosting Xerte Online Toolkits.

Remediation

Immediate Action: Upgrade Xerte Online Toolkits to the latest version (3.15 or higher) to resolve the authentication bypass and secure the file import logic.

Proactive Monitoring: Inspect the media and template directories for unexpected PHP files and monitor for unusual outbound network connections from the web server.

Compensating Controls: Disable PHP execution in directories where user-uploaded content is stored and implement strict file extension filtering at the web server level.
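The directory inspection described under Proactive Monitoring can be scripted along these lines. This is an added example, not code from Xerte or from this advisory; the extension list, the .htaccess check and the directories passed on the command line are assumptions to adapt to the deployment.

```python
"""Added example: sweep upload directories for files the PHP handler could run."""
import os
import re
import sys

# Assumption: extensions commonly mapped to PHP. The trailing (\.|$) also catches
# double extensions such as "x.php.jpg", which some handler configs still execute.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
# PHP open tags hidden in files with a harmless-looking extension.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def scan(root, head_bytes=65536):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if PHP_EXT.search(name):
                findings.append((rel, "php-extension"))
            elif name.lower() == ".htaccess":
                # A dropped .htaccess can undo a "no PHP here" server rule.
                findings.append((rel, "htaccess-override"))
            else:
                try:
                    # Only the first head_bytes of each file are inspected.
                    with open(path, "rb") as fh:
                        if PHP_TAG.search(fh.read(head_bytes)):
                            findings.append((rel, "php-tag-in-content"))
                except OSError:
                    findings.append((rel, "unreadable"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_uploads.py <media_dir> <template_dir>  (paths are yours)
    for root in sys.argv[1:]:
        for rel, reason in scan(root):
            print(f"{root}\t{rel}\t{reason}")
```

Compare the output against a known-good copy of the same release, since this page does not list which PHP files legitimately ship in those directories.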

Exploitation status

Public Exploit Available: false

Analyst recommendation

Immediate remediation is required to prevent server compromise. Administrators should apply the latest security updates and verify that the import.php file is no longer accessible to unauthenticated users. A full compromise assessment is recommended if the software has been exposed to the internet without updates.