CVE-2018-1000090

HIGH

Textpattern 4.6.2 - XML Injection

Title source: llm

Description

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/textpattern/textpattern/issues/1141

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-611

Status published

Products (1)

textpattern/textpattern 4.6.2

Published Mar 13, 2018

Tracked Since Feb 18, 2026