CVE-2023-50038 — HIGH (8.8)

Vulnerability Description

There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Textpattern	Textpattern	4.8.8

Related Weaknesses (CWE)

CWE-434

References

https://gist.github.com/LeopoldSkell/7e18bf09005c327a045abbfe39b1e676Third Party Advisory
https://www.cnblogs.com/fengzun/articles/17862578.htmlExploit
https://gist.github.com/LeopoldSkell/7e18bf09005c327a045abbfe39b1e676Third Party Advisory
https://www.cnblogs.com/fengzun/articles/17862578.htmlExploit

FAQ

What is CVE-2023-50038?

CVE-2023-50038 is a vulnerability with a CVSS score of 8.8 (HIGH). There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.

How severe is CVE-2023-50038?

CVE-2023-50038 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-50038?

Check the references section above for vendor advisories and patch information. Affected products include: Textpattern Textpattern.