Typecho v1.3.0 contains Client IP Spoofing vulnerability
CVE-2024-35538

5.3MEDIUM

Key Information:

Vendor: Typecho
Status: Typecho
Vendor: CVE Published:; 19 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-35538?

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Typecho-Multiple-Vulnerabilities
Created by cyberaz0r

References

https://typecho.org

https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabi...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 19, 2024
👾
Exploit known to exist
Aug 19, 2024
Vulnerability published
Aug 19, 2024

CVE-2024-35538 Data

JSON