Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://release-demo.textpattern.co/ | Product |
https://textpattern.com/ | Product |
https://textpattern.com/file_download/118/textpattern-4.8.8.zip | Release Notes |
https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://release-demo.textpattern.co/ | Product |
https://textpattern.com/ | Product |
https://textpattern.com/file_download/118/textpattern-4.8.8.zip | Release Notes |
Configurations
History
21 Nov 2024, 08:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://release-demo.textpattern.co/ - Product | |
References | () https://textpattern.com/ - Product | |
References | () https://textpattern.com/file_download/118/textpattern-4.8.8.zip - Release Notes |
Information
Published : 2023-08-07 14:15
Updated : 2024-11-21 08:09
NVD link : CVE-2023-36220
Mitre link : CVE-2023-36220
CVE.ORG link : CVE-2023-36220
JSON object : View
Products Affected
textpattern
- textpattern
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')