Vulnerability CVE-2018-1000090
Published: 2018-03-13
Description:
Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file.
Type:
CWE-611 (Information Exposure Through XML External Entity Reference)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete
References:
https://github.com/textpattern/textpattern/issues/1141
Copyright 2024, cxsecurity.com