Vulnerabilities > Textpattern > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-28 | CVE-2023-50038 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8 There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | 8.8 |
| 2023-08-07 | CVE-2023-36220 | Path Traversal vulnerability in Textpattern 4.8.8 Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. | 7.2 |
| 2023-04-28 | CVE-2023-24269 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.8.8 An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 |
| 2023-04-12 | CVE-2023-26852 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
| 2021-06-21 | CVE-2020-19510 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern 4.7.3 Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | 7.5 |
| 2018-03-14 | CVE-2018-7474 | SQL Injection vulnerability in Textpattern An issue was discovered in Textpattern CMS 4.6.2 and earlier. | 7.5 |
| 2018-03-13 | CVE-2018-1000090 | XXE vulnerability in Textpattern 4.6.2 textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. | 7.8 |
| 2010-09-03 | CVE-2010-3205 | Code Injection vulnerability in Textpattern 4.2.0 PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | 7.5 |
| 2006-10-31 | CVE-2006-5615 | Remote File Include vulnerability in Textpattern 1.19 PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. | 7.5 |