CVE-2018-1000090

Опубликовано: 13 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.

Ссылки

https://github.com/textpattern/textpattern/issues/1141
Exploit
Issue Tracking
Third Party Advisory
https://github.com/textpattern/textpattern/issues/1141
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:textpattern:textpattern:4.6.2:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00219

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2018-1000090

CVSS3: 7.5

debian

почти 8 лет назад

textpattern version version 4.6.2 contains a XML Injection vulnerabili ...

GHSA-756f-mjwr-h9x4

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 44%

0.00219

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-611