TextPattern CMS 4.0.8

CPE Details

TextPattern CMS 4.0.8
textpattern
textpattern
4.0.8
2010-10-13
00h38 +00:00
2010-10-13
00h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:textpattern:textpattern:4.0.8:*:*:*:*:*:*:*

Informations

Vendor

textpattern

Product

textpattern

Version

4.0.8

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-26852 2023-04-12 00h00 +00:00 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
7.2
Haute
CVE-2021-40642 2022-06-29 08h25 +00:00 Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
4.3
Moyen
CVE-2018-7474 2018-03-14 13h00 +00:00 An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
9.8
Critique
CVE-2014-4737 2014-10-10 12h00 +00:00 Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
4.3