National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:textpattern:textpattern:4.5.2
There are 2 matching records.
Vuln ID Summary CVSS Severity

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Published: March 14, 2018; 10:29:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.

Published: October 10, 2014; 10:55:08 AM -04:00
    V2: 4.3 MEDIUM