PT-2023-31459 · Unknown · Textpattern Cms

Fengzun

Publicado

2023-12-27

Atualizado

2024-01-04

CVE-2023-50038

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions textpattern cms version 4.8.8

Description There is an arbitrary file upload vulnerability in the background of textpattern cms, which leads to the loss of server permissions.

Recommendations For textpattern cms version 4.8.8, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-50038

Produtos afetados

Textpattern Cms

PT-2023-31459 · Unknown · Textpattern Cms

CVE-2023-50038

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8