Textpattern

Textpattern

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2018-1000090

Exploit
  • EPSS 0.22%
  • Veröffentlicht 13.03.2018 15:29:01
  • Zuletzt bearbeitet 21.11.2024 03:39:37

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading...

4.3

CVE-2014-4737

Exploit
  • EPSS 0.38%
  • Veröffentlicht 10.10.2014 14:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

4.3

CVE-2011-5019

Exploit
  • EPSS 3.02%
  • Veröffentlicht 05.01.2012 16:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.

5

CVE-2011-3807

  • EPSS 0.28%
  • Veröffentlicht 24.09.2011 00:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.

7.5

CVE-2010-3205

Exploit
  • EPSS 0.94%
  • Veröffentlicht 03.09.2010 18:00:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

3.5

CVE-2008-5757

Exploit
  • EPSS 0.21%
  • Veröffentlicht 30.12.2008 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these d...

6.8

CVE-2008-5670

  • EPSS 0.55%
  • Veröffentlicht 19.12.2008 01:52:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.

5

CVE-2008-5669

Exploit
  • EPSS 0.74%
  • Veröffentlicht 19.12.2008 01:52:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.

4.3

CVE-2008-5668

Exploit
  • EPSS 0.33%
  • Veröffentlicht 19.12.2008 01:52:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments previ...

7.5

CVE-2006-5615

Exploit
  • EPSS 2.09%
  • Veröffentlicht 31.10.2006 01:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.