Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.
https://textpattern.com/file_download/118/textpattern-4.8.8.zip