CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1000090

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.6%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.8

References

https://github.com/textpattern/textpattern/issues/1141
https://github.com/textpattern/textpattern/issues/1141

Products affected by CVE-2018-1000090

Textpattern » Textpattern » Version: 4.6.2

cpe:2.3:a:textpattern:textpattern:4.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000090

Products

Pricing

Contact Us