CVE-2023-50038
HIGH WAF: Medium
CVSS 8.8
Published: 2023-12-28
CWE-434
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| textpattern | textpattern | 4.8.8 |
References
- gist.github.com (Third Party Advisory)
- www.cnblogs.com (Exploit)