Lucene search

PRIOn knowledge basePRION:CVE-2023-36220

HistoryAug 07, 2023 - 2:15 p.m.

Directory traversal

2023-08-0714:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

remote attacker

arbitrary code

sensitive information

upload function

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

CPENameOperatorVersion
textpatterneq4.8.8

CPE	Name	Operator	Version
	textpattern	eq	4.8.8

References

packetstormsecurity.com/files/172967/Textpattern-CMS-4.8.8-Command-Injection.html

release-demo.textpattern.co/

textpattern.com/

textpattern.com/file_download/118/textpattern-4.8.8.zip