National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:textpattern:textpattern:4.2.0
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-7474

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Published: March 14, 2018; 10:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2014-4737

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

Published: October 10, 2014; 10:55:08 AM -04:00
V2: 4.3 MEDIUM
CVE-2011-3807

Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.

Published: September 23, 2011; 08:55:03 PM -04:00
V2: 5.0 MEDIUM
CVE-2010-3205

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

Published: September 03, 2010; 02:00:03 PM -04:00
V2: 7.5 HIGH