Textpattern Path Traversal Vulnerability in XML-RPC Handler

Vulnerability

A path traversal vulnerability has been identified in Textpattern versions prior to 4.9.1. The issue arises in the XML-RPC Handler, specifically within the mt_uploadImage function of the rpc/TXP_RPCServer.php file. This vulnerability allows for remote exploitation by manipulating the file.name argument.

Impact

Exploitation of this vulnerability allows for path traversal, which could lead to unauthorized file access or manipulation on the server.

Added: May 3, 2026, 11:23 AM

Updated: May 3, 2026, 11:23 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.8

exploitability

6.8

remediation

0.0

relevance

5.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.8

exploitability

6.8

remediation

0.0

relevance

5.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Textpattern Path Traversal Vulnerability in XML-RPC Handler

Vulnerability

Impact

Affected Products

Textpattern

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating