163 matches found
CVE-2024-39203
The CVE-2024-39203 entry corresponds to a cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3. A crafted payload can execute arbitrary web scripts or HTML in the context of the affected web application. Documented impact indicates user interaction i...
CVE-2024-39203
A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Z-BlogPHP cross-site scripting vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP version v.1.0. A local attacker exploited the vulnerability to execute arbitrary code via a specially crafted payload in the title parameter of the module management model...
CVE-2022-40357
A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...
Server side request forgery (ssrf)
A security issue was discovered in Z-BlogPHP = 1.7.2. A Server-Side Request Forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...
CVE-2022-40357
Z-BlogPHP
Z-BlogPHP code issue vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP 1.7.2 and earlier versions, which stems from a server-side request forgery SSRF vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file that allows a remote...
PT-2022-25359 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.7.3 Description: A security issue was discovered that allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter, due to a Server-Side...
Z-BlogPHP arbitrary file upload vulnerability
Z-BlogPHP is an open source PHP-based blogging system from the Z-blog community. Z-BlogPHP is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted JPG files...
Z-BlogPHP arbitrary file deletion vulnerability
Z-BlogPHP is an open source PHP-based blogging system from the Z-blog community. Z-BlogPHP contains an arbitrary file deletion vulnerability via appdel.php. No detailed vulnerability details are currently available...
CVE-2020-29177
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \appdel.php...
CVE-2020-29176
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...
Arbitrary file deletion
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \appdel.php...
Design/Logic Flaw
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...
CVE-2020-29177
CVE-2020-29177 affects Z-BlogPHP v1.6.1.2100, with an arbitrary file deletion vulnerability exploitable via the path \app_del.php. The connected documents consistently identify the affected software and the vulnerability class but do not provide deeper technical specifics about the root cause bey...