
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability.

• https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Information%20leakage/en-us.md
• https://vuldb.com/?ctiid.247250
• https://vuldb.com/?id.247250
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to a backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

• https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-IDOR/en-us.md
• https://vuldb.com/?ctiid.247249
• https://vuldb.com/?id.247249
• CWE-912: Hidden Functionality

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

• https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md
• https://vuldb.com/?ctiid.247248
• https://vuldb.com/?id.247248
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.

• https://github.com/typecho/typecho/issues/1648
• CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A file upload vulnerability in Typecho v1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.

• https://github.com/MentalityXt/typecho-v1.2.1-RCE
• https://github.com/typecho/typecho/releases/tag/v1.2.1
• CWE-434: Unrestricted Upload of File with Dangerous Type