CVE-2024-35539

Exploit

EPSS 1.45%
Veröffentlicht 19.08.2024 21:15:09
Zuletzt bearbeitet 01.05.2025 14:57:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typecho ≫ Typecho Version1.3.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.45%	0.698

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/

Third Party Advisory

Exploit

https://typecho.org

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-35539

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35539

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35539

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-35539