CVE-2020-29458

HIGH

Textpattern CMS 4.6.2 - Cross-Site Request Forgery via Prefs Subsystem

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29458. PoCs published by Alperen Ergel.

AI-analyzed exploit summary This is a CSRF exploit for Textpattern CMS 4.6.2, demonstrating how an attacker can manipulate site preferences via a crafted HTML form. The PoC includes a sample request and an exploit form that can be used to trigger the vulnerability.

Description

Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.

Exploits (1)

exploitdb WORKING POC

by Alperen Ergel · textwebappsphp

https://www.exploit-db.com/exploits/48907

View Code ZIP pw:eip

This is a CSRF exploit for Textpattern CMS 4.6.2, demonstrating how an attacker can manipulate site preferences via a crafted HTML form. The PoC includes a sample request and an exploit form that can be used to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Textpattern CMS 4.6.2

Auth required

Prerequisites: Victim must be authenticated as an administrator · Victim must visit a malicious page hosting the exploit form

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/48907

Scores

CVSS v3 8.8

EPSS 0.0065

EPSS Percentile 46.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

textpattern/textpattern 4.6.2

Published Dec 02, 2020

Tracked Since Feb 18, 2026