PT-2025-2056 · Unknown · Langhsu Mblog Blog System
Vastzero
·
Published
2025-01-09
·
Updated
2025-01-09
·
CVE-2024-13198
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
langhsu Mblog Blog System version 3.5.0
Description
A problematic vulnerability has been found in the langhsu Mblog Blog System. The issue affects an unknown function of the file
/login, leading to an observable response discrepancy. This can be exploited remotely, but the complexity of the attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public.Recommendations
For version 3.5.0, as a temporary workaround, consider restricting access to the
/login file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Langhsu Mblog Blog System