Textpattern CMS 4.6.2

CPE Details

Textpattern CMS 4.6.2
textpattern
textpattern
4.6.2
2019-06-07
16h19 +00:00
2019-06-07
16h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:textpattern:textpattern:4.6.2:*:*:*:*:*:*:*

Informations

Vendor

textpattern

Product

textpattern

Version

4.6.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26852 2023-04-12 00h00 +00:00 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
7.2
High
CVE-2021-40642 2022-06-29 08h25 +00:00 Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
4.3
Medium
CVE-2020-29458 2020-12-02 07h12 +00:00 Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
8.8
High
CVE-2018-7474 2018-03-14 13h00 +00:00 An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
9.8
Critical
CVE-2018-1000090 2018-03-13 14h00 +00:00 textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
7.5
High