{"api_version":"1","generated_at":"2026-04-23T04:11:03+00:00","cve":"CVE-2018-1000090","urls":{"html":"https://cve.report/CVE-2018-1000090","api":"https://cve.report/api/cve/CVE-2018-1000090.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1000090","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000090"},"summary":{"title":"CVE-2018-1000090","description":"textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-03-13 15:29:00","updated_at":"2018-04-13 14:37:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://github.com/textpattern/textpattern/issues/1141","name":"https://github.com/textpattern/textpattern/issues/1141","refsource":"MISC","tags":["Exploit","Issue Tracking","Third Party Advisory"],"title":"XML Injection Denial of Service · Issue #1141 · textpattern/textpattern · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1000090","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000090","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1000090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"textpattern","cpe5":"textpattern","cpe6":"4.6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1000090","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"textpattern","cpe5":"textpattern","cpe6":"4.6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_ASSIGNED":"2/3/2018 18:04:44","ID":"CVE-2018-1000090","REQUESTER":"sajeeb.lohani@bulletproof.sh","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/textpattern/textpattern/issues/1141","refsource":"MISC","url":"https://github.com/textpattern/textpattern/issues/1141"}]}},"nvd":{"publishedDate":"2018-03-13 15:29:00","lastModifiedDate":"2018-04-13 14:37:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:textpattern:textpattern:4.6.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1000090","Ordinal":"123548","Title":"CVE-2018-1000090","CVE":"CVE-2018-1000090","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1000090","Ordinal":"1","NoteData":"textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1000090","Ordinal":"2","NoteData":"2018-03-13","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1000090","Ordinal":"3","NoteData":"2018-03-13","Type":"Other","Title":"Modified"}]}}}