Directory Traversal Vulnerability in Textpattern CMS by Textpattern
CVE-2023-36220

7.2HIGH

Key Information:

Vendor: Textpattern
Status: Textpattern
Vendor: CVE Published:; 7 August 2023

🔔 Create Textpattern Vulnerability Alert

What is CVE-2023-36220?

A directory traversal vulnerability exists in Textpattern CMS version 4.8.8, compromising file access control. This flaw enables a remote authenticated attacker to exploit the Upload function, allowing them to traverse the directory structure and execute arbitrary code. As a result, attackers can potentially gain unauthorized access to sensitive information stored on the server. It is imperative for users of this version to apply necessary updates to mitigate risks associated with this vulnerability.

References

https://textpattern.com/

https://textpattern.com/file_download/118/textpattern-4.8...

https://release-demo.textpattern.co/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jun 21, 2023

CVE-2023-36220 Data

JSON