CVE-2018-7474

CRITICAL

Textpattern < 4.6.2 - SQL Injection

Title source: rule

Description

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Exploits (1)

exploitdb WRITEUP
by Manuel García Cárdenas · text · webapps · php
https://www.exploit-db.com/exploits/44277

Scores

CVSS v3 9.8
EPSS 0.1714
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
textpattern/textpattern < 4.6.2
Published Mar 14, 2018
Tracked Since Feb 18, 2026