CVE-2023-36220

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:textpattern:textpattern:4.8.8:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de Directory Traversal en Textpattern CMS v4.8.8 permite a un atacante remoto autenticado ejecutar código arbitrario y obtener acceso a información confidencial a través de la función de carga del complemento.
References () https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () https://release-demo.textpattern.co/ - Product () https://release-demo.textpattern.co/ - Product
References () https://textpattern.com/ - Product () https://textpattern.com/ - Product
References () https://textpattern.com/file_download/118/textpattern-4.8.8.zip - Release Notes () https://textpattern.com/file_download/118/textpattern-4.8.8.zip - Release Notes

Information

Published : 2023-08-07 14:15

Updated : 2024-11-21 08:09


NVD link : CVE-2023-36220

Mitre link : CVE-2023-36220

CVE.ORG link : CVE-2023-36220


JSON object : View

Products Affected

textpattern

  • textpattern
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')