349 matches found

CVE
added 2018/03/14 2:00 p.m. | 54 views

CVE-2018-7474

Summary (validated by multiple sources): Textpattern CMS 4.6.2 and earlier is vulnerable to SQL injection through the value of the qty parameter on the index.php page. The vulnerability is exploitable in contexts where an attacker with administrator-facing access can trigger the flaw, potentially...

CVSS 9.8 | AI score 9.5 | EPSS 0.17139
Exploits: 5 | References: 2 | Affected Software: 1

NVD
added 2018/03/13 3:29 p.m. | 10 views

CVE-2018-1000090

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00219
Exploits: 1 | References: 1

OSV
added 2018/03/13 3:29 p.m. | 10 views

CVE-2018-1000090

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

CVSS 7.5 | AI score 7.8
Exploits: 0 | References: 1

Prion
added 2018/03/13 3:29 p.m. | 12 views

Design/Logic Flaw

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/03/13 3:00 p.m. | 12 views

CVE-2018-1000090

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

AI score 7.6 | EPSS 0.00219
Exploits: 1 | References: 1

CVE
added 2018/03/13 3:00 p.m. | 36 views

CVE-2018-1000090

CVE-2018-1000090 affects Textpattern 4.6.2, where the Import XML feature is vulnerable to an XML Injection that can cause a Denial of Service by exhausting server memory. The exploit is described as uploading a specially crafted XML file; exploitation status is noted in sources, but there are no ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1

Packet Storm
added 2018/03/13 12:00 a.m. | 38 views

Textpattern 4.6.2 SQL Injection

============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474 ============================================= I...

AI score 9.2 | EPSS 0.17139
Exploits: 5

0day.today
added 2018/03/12 12:00 a.m. | 29 views

TextPattern 4.6.2 - qty SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...

EPSS 0.17139
Exploits: 5

exploitpack
added 2018/03/12 12:00 a.m. | 33 views

TextPattern 4.6.2 - qty SQL Injection

TextPattern 4.6.2 - qty SQL Injection ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...

CVSS 7.5 | AI score 0.3 | EPSS 0.17139
Exploits: 5

Exploit DB
added 2018/03/12 12:00 a.m. | 53 views

TextPattern 4.6.2 - 'qty' SQL Injection

============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474 ============================================= I...

CVSS 9.8 | AI score 9.8 | EPSS 0.17139
Exploits: 5

OpenVAS
added 2014/10/16 12:00 a.m. | 25 views

Textpattern CMS 'index.php' XSS Vulnerability - Active Check

Textpattern CMS is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 4.3 | AI score 5.9 | EPSS 0.00378
Exploits: 3 | References: 5

securityvulns
added 2014/10/14 12:00 a.m. | 59 views

Reflected Cross-Site Scripting (XSS) in Textpattern

Advisory ID: HTB23223 Product: Textpattern Vendor: http://textpattern.com/ Vulnerable Versions: 4.5.5 and probably prior Tested Version: 4.5.5 Advisory Publication: July 9, 2014 without technical details Vendor Notification: July 9, 2014 Vendor Patch: September 20, 2014 Public Disclosure: October...

CVSS 4.3 | AI score 6.1 | EPSS 0.00378
Exploits: 3

NVD
added 2014/10/10 2:55 p.m. | 12 views

CVE-2014-4737

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php...

CVSS 4.3 | AI score 5.6 | EPSS 0.00378
Exploits: 3 | References: 5

Prion
added 2014/10/10 2:55 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php...

CVSS 4.3 | AI score 6 | EPSS 0.00378
Exploits: 3 | References: 5 | Affected Software: 1

UbuntuCve
added 2014/10/10 2:55 p.m. | 20 views

CVE-2014-4737

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php...

CVSS 4.3 | AI score 6 | EPSS 0.00378
Exploits: 3 | References: 5

CVE
added 2014/10/10 2:00 p.m. | 60 views

CVE-2014-4737

Textpattern CMS (Textpattern) prior to version 4.5.7 is affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from insufficient sanitization of input data passed via the PATH_INFO to setup/index.php, enabling remote attackers to inject arbitrary HTML/JavaScript. The CVE is CVE-...

CVSS 4.3 | AI score 5.6 | EPSS 0.00378
Exploits: 3 | References: 5 | Affected Software: 1

Cvelist
added 2014/10/10 2:00 p.m. | 17 views

CVE-2014-4737

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php...

AI score 5.6 | EPSS 0.00378
Exploits: 3 | References: 5

0day.today
added 2014/10/02 12:00 a.m. | 46 views

Textpattern 4.5.5 Cross Site Scripting Vulnerability

Textpattern version 4.5.5 suffers from a cross site scripting vulnerability. Product: Textpattern Vendor: http://textpattern.com/ Vulnerable Versions: 4.5.5 and probably prior Tested Version: 4.5.5 Advisory Publication: July 9, 2014 without technical details Vendor Notification: July 9, 2014 Vend...

CVSS 4.3 | AI score 6.2 | EPSS 0.00378
Exploits: 3

Packet Storm
added 2014/10/01 12:00 a.m. | 47 views

Textpattern 4.5.5 Cross Site Scripting

Advisory ID: HTB23223 Product: Textpattern Vendor: http://textpattern.com/ Vulnerable Versions: 4.5.5 and probably prior Tested Version: 4.5.5 Advisory Publication: July 9, 2014 without technical details Vendor Notification: July 9, 2014 Vendor Patch: September 20, 2014 Public Disclosure: October...

CVSS 4.3 | AI score 6.5 | EPSS 0.00378
Exploits: 3

htbridge
added 2014/07/09 12:00 a.m. | 30 views

Reflected Cross-Site Scripting (XSS) in Textpattern

High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Textpattern, which can be exploited to perform Cross-Site Scripting attacks against users of the vulnerable application. 1) Reflected Cross-Site Scripting (XSS) in Textpattern: CVE-2014-4737 The vulnerability exists due to insufficie...

CVSS 4.3 | AI score 5.5 | EPSS 0.00378
Exploits: 3 | Affected Software: 1