CVE-2018-1000090
HIGHtextpattern 4.6.2 - Denial of Service via XML External Entity Injection in Import XML Feature
Title source: llmDescription
textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/textpattern/textpattern/issues/1141
Scores
CVSS v3
7.5
EPSS
0.0139
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (1)
textpattern/textpattern
4.6.2
Published
Mar 13, 2018
Tracked Since
Feb 18, 2026