PT-2023-20824 · Unknown · Textpattern
Leekenghwa
·
Published
2023-04-12
·
Updated
2025-02-10
·
CVE-2023-26852
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Textpattern versions 4.8.8 and below
Description
An arbitrary file upload vulnerability in the upload plugin allows attackers to execute arbitrary code by uploading a crafted PHP file.
Recommendations
For Textpattern versions 4.8.8 and below, update to a version above 4.8.8 to resolve the issue.
As a temporary workaround, consider disabling the upload plugin until a patch is available.
Restrict access to the upload functionality to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Textpattern