3 matches found
CVE-2018-7474
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php...
CVE-2018-7474
Summary (validated by multiple sources): Textpattern CMS 4.6.2 and earlier is vulnerable to SQL injection through the value of the qty parameter on the index.php page. The vulnerability is exploitable in contexts where an attacker with administrator-facing access can trigger the flaw, potentially...
TextPattern 4.6.2 - 'qty' SQL Injection
============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474 ============================================= I...