XML Injection Vulnerability in Textpattern Version 4.6.2: Denial of Service via Crafted XML File

XML Injection Vulnerability in Textpattern Version 4.6.2: Denial of Service via Crafted XML File

CVE-2018-1000090 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.

Learn more about our Web App Pen Testing.