Textpattern CMS 4.6.2

CPE Details

Textpattern CMS 4.6.2
textpattern
textpattern
4.6.2
2019-06-07
16h19 +00:00
2019-06-07
16h19 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:textpattern:textpattern:4.6.2:*:*:*:*:*:*:*

Informations

Vendor

textpattern

Product

textpattern

Version

4.6.2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-26852 2023-04-12 00h00 +00:00 An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
7.2
Haute
CVE-2021-40642 2022-06-29 08h25 +00:00 Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
4.3
Moyen
CVE-2020-29458 2020-12-02 07h12 +00:00 Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
8.8
Haute
CVE-2018-7474 2018-03-14 13h00 +00:00 An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
9.8
Critique
CVE-2018-1000090 2018-03-13 14h00 +00:00 textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
7.5
Haute