Home Tools Exploits & CVE's Textpattern CMS 4.8.8 Command Injection

Textpattern CMS 4.8.8 Command Injection

June 19, 2023

246

Authored by tmrswrr

Textpattern CMS version 4.8.8 suffers from a command injection vulnerability.

# Exploit Title: Textpattern CMS v4.8.8 - Command Injection (Authenticated)
# Date: 2023-06-15
# Exploit Author: tmrswrr
# Vendor Homepage: https://textpattern.com/
# Software Link: https://textpattern.com/file_download/118/textpattern-4.8.8.zip
# Version: v4.8.8
# Tested : https://release-demo.textpattern.co/


--- Description ---

Textpattern CMS Upload Plugin Command Injection:
1) Login admin page , choose Plugin , Choose command.php file inside this payload: : 
system('id');
2) Save it and do Active plugin yes and click Update from disk
3) After open page you will see result: 
https://release-demo.textpattern.co/
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Textpattern CMS 4.8.8 Command Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Systemd Insecure PTY Handling

Drupal-Wiki 8.31 / 8.30 Cross Site Scripting

Kortex 1.0 SQL Injection

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

Millhouse-Project 1.414 Shell Upload

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL...

Packet Storm New Exploits For November, 2023