Zenitho

XF2 Style Zenitho 2.3.7

Hello,

I would like to report a serious security issue found inside the XENTR Zenith style package.

Two files included in the style contain backdoor-like behaviour:

❗ 1. /data/styles/19/styles/xentr/zenith/zenith.php

This file sends a silent Telegram notification to the theme author every time the file is executed.
The message includes:

The domain name of the website

The timestamp

The bot token and chat ID are hard-coded inside the file

This means the theme is performing unauthorized outbound communication and collecting site information without the administrator’s consent.

❗ 2. zenith_app.php

This file acts as a full-featured web-based file manager, allowing:

Uploading any file (including PHP)

Editing and overwriting server files

Deleting files and entire directories recursively

Creating ZIP backups

Extracting ZIP archives and applying chmod 777 permissions

Browsing the server’s file system

Executing all operations through simple GET/POST parameters

The file includes a hard-coded access password and provides complete unrestricted filesystem access, which represents a critical backdoor.

❗ Conclusion

Both files constitute a severe security risk:

They are not documented in the style package

They perform unauthorized actions

They allow remote access and manipulation of server files

They can compromise the entire hosting environment

For the safety of all users, these files should be immediately removed from the style package and investigated.

Please provide an official explanation and updated, clean version of the style.

Thank you.
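A heuristic scan for the two behaviours described in the report above, for administrators who want to check an installed copy. It is an added example, not part of the original post or of the style package. The indicator patterns, the `cache.php` file, the placement of `zenith_app.php` and all sample file contents are constructed assumptions, and a match is a lead for manual review, not proof.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators for the two behaviours described in the report.
INDICATORS = {
    "telegram_beacon": re.compile(rb"api\.telegram\.org/bot", re.I),
    "file_upload": re.compile(rb"move_uploaded_file\s*\(", re.I),
    "chmod_777": re.compile(rb"chmod\s*\([^)]*\b0?777\b", re.I),
    "zip_extract": re.compile(rb"->\s*extractTo\s*\(", re.I),
    "file_delete": re.compile(rb"\b(?:unlink|rmdir)\s*\(", re.I),
    "file_write": re.compile(rb"\bfile_put_contents\s*\(", re.I),
}
FILE_MANAGER = set(INDICATORS) - {"telegram_beacon"}

def scan_tree(root, min_fm_hits=3):
    """Map relative path -> sorted indicator names for PHP files to review by hand."""
    root, findings = Path(root), {}
    for path in sorted(root.rglob("*.php")):
        data = path.read_bytes()
        hits = {name for name, rx in INDICATORS.items() if rx.search(data)}
        # One write or delete call is normal; a beacon or a cluster of file ops is not.
        if "telegram_beacon" in hits or len(hits & FILE_MANAGER) >= min_fm_hits:
            findings[path.relative_to(root).as_posix()] = sorted(hits)
    return findings

# Constructed sample files (not the real package contents); token is a placeholder.
SAMPLES = {
    "styles/xentr/zenith/zenith.php":
        '<?php $u = "https://api.telegram.org/botPLACEHOLDER_TOKEN/sendMessage";',
    "styles/xentr/zenith/zenith_app.php":  # location assumed for the sample
        '<?php move_uploaded_file($tmp, $dest); $zip->extractTo($dir);\n'
        'chmod($dest, 0777); unlink($target);',
    "styles/xentr/zenith/cache.php":  # hypothetical benign file
        '<?php file_put_contents($cacheFile, $html);',
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, hits in demo().items():
        print(rel, hits)
```

Point `scan_tree` at the forum's style data directory on a real install; the benign `cache.php` sample shows that a single file-write call stays below the threshold.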
backdoor shell n file location to telegram
Excellent