CVE-2026-34414 | thexerteproject xerteonlinetoolkits up to 3.13.0/3.14.0/3.15.0 elFinder Connector Endpoint connector.php rename Name path traversal (ID 1527)

A vulnerability has been found in thexerteproject xerteonlinetoolkits up to 3.13.0/3.14.0/3.15.0 and classified as critical. The impacted element is the function rename of the file /editor/elfinder/php/connector.php of the component elFinder Connector Endpoint. This manipulation of the argument Name causes path traversal.

This vulnerability is tracked as CVE-2026-34414. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More