An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
References
Link | Resource |
---|---|
https://drive.google.com/drive/folders/1x55FGWZydBRxFyTVIAL1ynnk1X7gfIq9?usp=sharing | Exploit Third Party Advisory |
https://github.com/leekenghwa/CVE-2023-26852-Textpattern-v4.8.8-and- | Exploit Third Party Advisory |
https://github.com/textpattern/textpattern | Product |
Configurations
History
21 Apr 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-434 | |
References | (MISC) https://github.com/textpattern/textpattern - Product | |
References | (MISC) https://github.com/leekenghwa/CVE-2023-26852-Textpattern-v4.8.8-and- - Exploit, Third Party Advisory | |
References | (MISC) https://drive.google.com/drive/folders/1x55FGWZydBRxFyTVIAL1ynnk1X7gfIq9?usp=sharing - Exploit, Third Party Advisory | |
First Time |
Textpattern
Textpattern textpattern |
|
CPE | cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:* |
12 Apr 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-12 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26852
Mitre link : CVE-2023-26852
CVE.ORG link : CVE-2023-26852
JSON object : View
Products Affected
textpattern
- textpattern
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type