14 matches found
PT-2026-41539
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Comment Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been...
EUVD-2026-23876
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...
CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...
PT-2026-33780
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available...
Z-BlogPHP Security Vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 1.7.3, which is susceptible to arbitrary code execution via \zb_users\theme\shell\template...
PT-2024-28385 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.7.3. Description: A cross-site scripting (XSS) vulnerability in the Backend Theme Management module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Z-BlogPHP version 1.7.3...
CVE-2020-29177
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php...
Z-BlogPHP Security Vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP version 1.6.0, which stems from the passwordvisitinputpassword function in zbuser/plugin/passwordvisit/include.php that uses loose comparisons for authentication, which...
CVE-2018-9153
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...
CVE-2018-8893
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code...
Z-BlogPHP Cross-Site Scripting Vulnerability
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in Z-BlogPHP version 1.5.1.1740. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
CVE-2018-7736
In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...
PT-2018-18247 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740. Description: There is a reported issue in Z-BlogPHP where the cmd.php file is susceptible to XSS attacks via the ZC_BLOG_SUBNAME parameter or the ZC_UPLOAD_FILETYPE parameter. However, the software maintainer...
Z-Blog php Edition front regular SQL blind injection vulnerability-vulnerability warning-the black bar safety net
Brief description: The second...also a bit puzzled want to ask your developer. Detailed description: The problem: /zb_system/function/c_system_common.php function GetVars($name,$type='REQUEST'){ if ($type=='ENV') $array=&$_ENV; if ($type=='GET') $array=&$_GET; if ($type=='POST') $array=&$_POST; if ($type=='COOKIE')...