Vulnerabilities > Textpattern > Textpattern > 4.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-26852 | Unrestricted Upload of File with Dangerous Type vulnerability in Textpattern An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | 7.2 |
| 2022-06-29 | CVE-2021-40642 | Missing Encryption of Sensitive Data vulnerability in Textpattern Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. | 4.3 |
| 2018-03-14 | CVE-2018-7474 | SQL Injection vulnerability in Textpattern An issue was discovered in Textpattern CMS 4.6.2 and earlier. | 7.5 |
| 2014-10-10 | CVE-2014-4737 | Cross-Site Scripting vulnerability in Textpattern Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. | 4.3 |
| 2011-09-24 | CVE-2011-3807 | Information Exposure vulnerability in Textpattern 4.2.0 Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. | 5.0 |
| 2010-09-03 | CVE-2010-3205 | Code Injection vulnerability in Textpattern 4.2.0 PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | 7.5 |