📦 Typecho

Typecho 1.1/17.10.30 contains a remote code execution vulnerability in install.php that allows attackers to execute arbitrary code on vulnerable servers. This affects all Typecho installations using t...

Typecho v1.2.1 is vulnerable to an XML Quadratic Blowup attack through its XML-RPC endpoint at /index.php/action/xmlrpc. This allows attackers to cause denial of service by sending specially crafted X...

This vulnerability allows remote attackers to upload malicious files and execute arbitrary code on Typecho v1.2.1 installations. Attackers can exploit the upload and options-general parameters in inde...

This cross-site scripting vulnerability in Typecho v1.2.1 allows attackers to inject malicious scripts into the Name parameter when posting comments. When other users view the comment, the script exec...

Typecho v1.3.0 contains a client IP spoofing vulnerability that allows attackers to falsify their IP addresses by manipulating X-Forwarded-For or Client-Ip HTTP headers. This affects all Typecho v1.3....