349 matches found
CVE-2026-30452
Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...
PT-2026-34006
Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...
CVE-2026-30452
Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...
CVE-2026-30452
CVE-2026-30452 affects Textpattern CMS 4.9.0. A Broken Access Control flaw in the article management workflow lets authenticated users with low privileges modify articles owned by higher-privilege users. By altering the article ID parameter during the duplicate-and-save process in textpattern/inc...
Textpattern CMS 安全漏洞
Textpattern CMS is a content management system based on PHP developed by the Textpattern team. Version 4.9.0 of Textpattern CMS has a security vulnerability. This vulnerability stems from an access control flaw in the article management system, which may allow users with low privileges to modify...
CVE-2026-30452
Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...
CVE-2026-5344
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
EUVD-2026-18346
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-5344
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-5344 Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-5344 Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-5344
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-5344
Textpattern up to 4.9.1 is affected. The vulnerability lies in the XML-RPC Handler’s mt_uploadImage function (rpc/TXP_RPCServer.php) where manipulation of the file.name argument enables path traversal. This permits remote exploitation, and publicly disclosed exploits exist. The vendor has acknowl...
Textpattern 路径遍历漏洞
Textpattern is a simple yet beautiful blog engine developed by the Textpattern team. Textpattern versions 4.9.1 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter file.name in the mtUploadImage function of the XML-RPC Handler...
PT-2026-29786
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt uploadImage of the file rpc/TXP RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...
CVE-2026-32986
Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...
EUVD-2026-13724
A Second-Order Cross-Site Scripting XSS vulnerability exists in Textpattern CMS version 4.9.0 due to improper sanitization and contextual encoding of user-supplied input embedded within Atom feed XML elements. User-controlled parameters e.g., category are reflected into Atom fields such as and...
CVE-2026-32986
Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...
CVE-2026-32986 Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection
Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...
CVE-2026-32986
Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as category th...