ID CVE-2018-1000090
Summary textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
References
Vulnerable Configurations
  • cpe:2.3:a:textpattern:textpattern:4.6.2
    cpe:2.3:a:textpattern:textpattern:4.6.2
CVSS
Base: 7.8
Impact:
Exploitability:
CWE CWE-611
CAPEC
refmap via4
misc https://github.com/textpattern/textpattern/issues/1141
Last major update 13-03-2018 - 11:29
Published 13-03-2018 - 11:29
Last modified 13-04-2018 - 10:37
Back to Top