CVE-2024-35538

MEDIUM

Typecho - HTTP Request Smuggling

Title source: rule

Description

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP address by supplying an arbitrary IP as the value of the X-Forwarded-For or Client-Ip header in HTTP requests.

Exploits (1)

nomisec WORKING POC 1 star
by cyberaz0r · poc
https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities

Scores

CVSS v3 5.3
EPSS 0.0072
EPSS Percentile 72.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE CWE-290, CWE-444
Status published

Affected Products (1)

typecho/typecho

Timeline

Published Aug 19, 2024
Tracked Since Feb 18, 2026