Vulnerability Description
Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request server-side. Unauthenticated attackers can perform file operations on project media directories including creating directories, uploading files, renaming files, duplicating files, overwriting files, and deleting files, which can be chained with path traversal and extension blocklist vulnerabilities to achieve remote code execution and arbitrary file read.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/bootstrapbool/xerteonlinetoolkits-rce
- https://github.com/thexerteproject/xerteonlinetoolkits/commit/02661be88cc369325e
- https://github.com/thexerteproject/xerteonlinetoolkits/commit/17e4f945fe6a3400fa
- https://github.com/thexerteproject/xerteonlinetoolkits/commit/507d55c5e91bf9310b
- https://github.com/thexerteproject/xerteonlinetoolkits/issues/1527
- https://www.vulncheck.com/advisories/xerte-online-toolkits-missing-authenticatio
- https://xerte.org.uk/index.php/en/downloads-1/category/3-xerte-online-toolkits
- https://xerte.org.uk/xertetoolkits_3.15_ChangeLog.html
FAQ
What is CVE-2026-34413?
CVE-2026-34413 is a vulnerability with a CVSS score of 8.6 (HIGH). Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauth...
How severe is CVE-2026-34413?
CVE-2026-34413 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34413?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.