Documentation fixes

Author: bootstrapbool

documentation/modules/exploit/multi/http/xerte_unauthenticated_mediaupload.md

@@ -1,7 +1,9 @@
 ## Vulnerable Application
 
 This module exploits authentication failure, extension blacklist, and path
-traversal vulnerabilities in Xerte Online Toolkits versions 3.15 and earlier.
+traversal vulnerabilities in Xerte Online Toolkits versions 3.15 (at commit
+4e40f8030a2e3267267db7ce03e0ff57270be6f5 as they do not use patch versions)
+and earlier.
 
 The vulnerabilities exists in the /editor/elfinder/php/connector.php endpoint
 which which fails to kill execution after redirecting unauthenticated users.
@@ -10,7 +12,7 @@ directory to the webroot by using the elfinder "rename" functionality. Because
 of an improper use of regex in the file extension filter, the file can be
 renamed to have a .php4 extension, thus allowing remote code execution.
 
-Tested Contact Form version 1.7.36 on Ubuntu 24.04 and Windows 10.
+Tested Xerte 3.15, 3.14, and 3.13 on Ubuntu 24.04 and 3.15 on Windows 10.
 
 ## Setup