PT-2023-20824 · Unknown · Textpattern
Leekenghwa
·
Publicado
2023-04-12
·
Atualizado
2025-02-10
·
CVE-2023-26852
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Textpattern versions 4.8.8 and below
Description
An arbitrary file upload vulnerability in the upload plugin allows attackers to execute arbitrary code by uploading a crafted PHP file.
Recommendations
For Textpattern versions 4.8.8 and below, update to a version above 4.8.8 to resolve the issue.
As a temporary workaround, consider disabling the upload plugin until a patch is available.
Restrict access to the upload functionality to minimize the risk of exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Textpattern