Textpattern » Textpattern » 4.2.0 : Security Vulnerabilities, CVEs
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
Max CVSS: 7.2 | EPSS Score: 0.15% | Published: 2023-04-12 | Updated: 2023-04-21
In Textpattern CMS v4.8.7 and older, a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability exists via textpattern/lib/txplib_misc.php. The application does not set the Secure flag on the txp_login session cookie. Without the Secure flag, the cookie is transmitted in clear text if the user visits any HTTP URL within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
Max CVSS: 4.3 | EPSS Score: 0.06% | Published: 2022-06-29 | Updated: 2022-07-07
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
Max CVSS: 9.8 | EPSS Score: 2.93% | Published: 2018-03-14 | Updated: 2018-04-11
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
Max CVSS: 4.3 | EPSS Score: 0.31% | Published: 2014-10-10 | Updated: 2018-10-09
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
Max CVSS: 5.0 | EPSS Score: 0.23% | Published: 2011-09-24 | Updated: 2012-05-21
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
Max CVSS: 7.5 | EPSS Score: 0.72% | Published: 2010-09-03 | Updated: 2017-08-17
6 vulnerabilities found