PT-2026-29786 · Unknown · Textpattern
Zsmaaa
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-5344
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Textpattern versions prior to 4.9.2
Description
A security issue exists in Textpattern up to version 4.9.1. The
mt uploadImage function within the rpc/TXP RPCServer.php file, part of the XML-RPC Handler component, is susceptible to path traversal due to manipulation of the file.name argument. This allows for remote exploitation. The details of the exploit have been publicly disclosed.Recommendations
Update to version 4.9.2 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Textpattern