Textpattern CMS 4.7.3

CPE Details

Textpattern CMS 4.7.3
textpattern
textpattern
4.7.3
2019-06-07
16h19 +00:00
2019-06-07
16h19 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:textpattern:textpattern:4.7.3:*:*:*:*:*:*:*

Informations

Vendor

textpattern

Product

textpattern

Version

4.7.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-26852 2023-04-12 00h00 +00:00 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
7.2
Haute
CVE-2021-40642 2022-06-29 08h25 +00:00 Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
4.3
Moyen
CVE-2020-19510 2021-06-21 16h04 +00:00 Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.
9.8
Critique