National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:textpattern:textpattern:4.2.0
There are 4 matching records.
Vuln ID Summary CVSS Severity

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Published: March 14, 2018; 10:29:00 AM -04:00
V2: 7.5 HIGH

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

Published: October 10, 2014; 10:55:08 AM -04:00
V2: 4.3 MEDIUM

Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.

Published: September 23, 2011; 08:55:03 PM -04:00
V2: 5.0 MEDIUM

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

Published: September 03, 2010; 02:00:03 PM -04:00
V2: 7.5 HIGH