349 matches found
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
#!/usr/bin/python3 Exploit Title: TextPattern = 4.8.3 - Authenticated Remote Code Execution via Unrestricted File Upload Google Dork: N/A Date: 16/10/2020 Exploit Author: Michele '0blio' Cisternino Vendor Homepage: https://textpattern.com/ Software Link: https://github.com/textpattern/textpattern...
Textpattern CMS 4.6.2 - Cross-site Request Forgery
Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery Exploit Author: Alperen Ergel Contact: @alprenae Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: Windows 10 / XAMPP Category: WebApp Google Dork: intext:"Published with Textpattern CMS" Date: 2020-10-29...
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: Windows 10 / XAMPP Category: WebApp Google Dork: intext:"Published with...
Textpattern CMS 4.6.2 Cross Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: Windows 10 / XAMPP Category: WebApp Google Dork: intext:"Published with...
CVE-2015-8033
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account...
CVE-2015-8032
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting...
Design/Logic Flaw
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account...
Design/Logic Flaw
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting...
CVE-2015-8033
The CVE-2015-8033 entry concerns Textpattern 4.5.7, where the password-reset feature does not securely tether a password hash to a user account. The NVD data lists CVSS v3.1 base metrics: 5.3 (Medium) with Network attack vector, Low attack complexity, no privileges required, no user interaction, ...
CVE-2015-8032
CVE-2015-8032 affects Textpattern 4.5.7. The vulnerability allows an unprivileged author to change an article's markup setting, indicating a permission/ownership flaw in how article markup is managed. The provided sources do not specify an exploit method or a patch/mitigation. The impact is limit...
File upload vulnerability in tx***_fi***.php file in TextpatternCMS backend
TextpatternCMS is a content management system written in PHP. A file upload vulnerability exists in the txfi.php file in the backend of TextpatternCMS. It allows an attacker to upload a webshell and gain server privileges...
SQL Code Injection
textpattern/lock is vulnerable to SQL injection. The attacker can launch the attack via the "qty" on the page index.php with authentication as administrator...
Textpattern CMS 'qty' SQL Injection Vulnerability
Textpattern CMS is an open source content management system (CMS) developed by the Textpattern team. The system supports creating, editing and publishing content. A SQL injection vulnerability exists in Textpattern CMS 4.6.2 and earlier versions. A remote attacker can use the 'qty' parameter on the...
Textpattern denial of service vulnerability
Textpattern is an excellent blogging system. A security vulnerability exists in the Import XML feature in Textpattern version 4.6.2. An attacker can exploit this vulnerability by uploading a specially crafted XML file to cause a denial of service through exhaustion of server memory resources...
CVE-2018-7474
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php...
Code injection
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php...