Shodan
Vulnerabilities
Vulnerable Software
Textpattern:  >> Textpattern  >> 4.0.5  Security Vulnerabilities
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.053
Published
2023-04-12
CVE-2021-40642
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-29
CVE-2018-7474
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
CVSS Score
9.8
EPSS Score
0.179
Published
2018-03-14
CVE-2014-4737
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-10-10
CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
CVSS Score
3.5
EPSS Score
0.002
Published
2008-12-30
CVE-2008-5668
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-12-19
CVE-2008-5669
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.
CVSS Score
5.0
EPSS Score
0.007
Published
2008-12-19
CVE-2008-5670
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
CVSS Score
6.8
EPSS Score
0.005
Published
2008-12-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved