Shodan
Vulnerabilities
Vulnerable Software
Textpattern:  Security Vulnerabilities
CVE-2011-5019
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.
CVSS Score
4.3
EPSS Score
0.015
Published
2012-01-05
CVE-2011-3807
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-24
CVE-2010-3205
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2010-09-03
CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
CVSS Score
3.5
EPSS Score
0.002
Published
2008-12-30
CVE-2008-5668
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-12-19
CVE-2008-5669
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2008-12-19
CVE-2008-5670
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
CVSS Score
6.8
EPSS Score
0.005
Published
2008-12-19
CVE-2006-5615
PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.
CVSS Score
7.5
EPSS Score
0.021
Published
2006-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved