CVE-2024-35539
MEDIUM
Typecho - Authentication Bypass by Spoofing
Title source: rule
Description
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.
Exploits (2)
github
WORKING POC
1 stars
by cyberaz0r · gopoc
https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities
Scores
CVSS v3
6.5
EPSS
0.0301
EPSS Percentile
86.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Details
CWE
CWE-290
Status
published
Products (1)
typecho/typecho
1.3.0
Published
Aug 19, 2024
Tracked Since
Feb 18, 2026