Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://release-demo.textpattern.co/ | Product |
https://textpattern.com/ | Product |
https://textpattern.com/file_download/118/textpattern-4.8.8.zip | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-08-07T00:00:00
Updated: 2023-08-07T00:00:00
Reserved: 2023-06-21T00:00:00
Link: CVE-2023-36220
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-07T14:15:11.233
Modified: 2023-08-09T17:55:37.767
Link: CVE-2023-36220
JSON object: View
Redhat Information
No data.
CWE