Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Directory Traversal vulnerability in Textpattern CMS v4.8.8
Hi there,
A client’s provider just notified me on this vulnerability: https://www.cvedetails.com/cve/CVE-2023-36220/
They classify this as HIGH … any thoughts and fixes?
Cheers,
-martin
Offline
Re: Directory Traversal vulnerability in Textpattern CMS v4.8.8
Hmmm, will investigate. As far as I’m aware. this hasn’t come through our official security channel.
Thank you for the notification. Wouldn’t have spotted it otherwise.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: Directory Traversal vulnerability in Textpattern CMS v4.8.8
Bloke, no problem, I was quite surprised as well by the email.
Thanx, as always.
Offline
Re: Directory Traversal vulnerability in Textpattern CMS v4.8.8
From that page there is also another linked issue. Not sure if this the same one (the date is a couple of months earlier). But that one looks like it’s covered by our security considerations and is probably mitigated by employing .htaccess, as we recommend. But we’ll check that one out too just in case.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline