Textpattern CMS 4.4.1

CPE Details

Textpattern CMS 4.4.1
textpattern
textpattern
4.4.1
2019-06-07
16h19 +00:00
2019-06-07
16h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:textpattern:textpattern:4.4.1:*:*:*:*:*:*:*

Informations

Vendor

textpattern

Product

textpattern

Version

4.4.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26852 2023-04-12 00h00 +00:00 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
7.2
High
CVE-2021-40642 2022-06-29 08h25 +00:00 Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
4.3
Medium
CVE-2018-7474 2018-03-14 13h00 +00:00 An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
9.8
Critical
CVE-2014-4737 2014-10-10 12h00 +00:00 Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
4.3
CVE-2011-5019 2012-01-05 15h00 +00:00 Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.
4.3