163 matches found

CVE
added 2024/07/08 12:0 a.m. · 68 views

CVE-2024-39203

The CVE-2024-39203 entry corresponds to a cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3. A crafted payload can execute arbitrary web scripts or HTML in the context of the affected web application. Documented impact indicates user interaction i...

6.1 CVSS · 5.6 AI score · 0.00683 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/07/08 12:0 a.m. · 15 views

CVE-2024-39203

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.8 AI score · 0.00683 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/07/08 12:0 a.m. · 29 views

CVE-2024-39203

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

0.00683 EPSS
Exploits: 1 · References: 1

CNNVD
added 2023/04/04 12:0 a.m. · 7 views

Z-BlogPHP cross-site scripting vulnerability

Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP version v.1.0. A local attacker exploited the vulnerability to execute arbitrary code via a specially crafted payload in the title parameter of the module management model...

6.1 CVSS · 6.8 AI score · 0.00425 EPSS
Exploits: 1 · References: 2

NVD
added 2022/09/20 9:15 p.m. · 18 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.8 CVSS · 0.01208 EPSS
Exploits: 1 · References: 1

OSV
added 2022/09/20 9:15 p.m. · 8 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.8 CVSS · 7.5 AI score
Exploits: 0 · References: 1

Prion
added 2022/09/20 9:15 p.m. · 16 views

Server-side request forgery (SSRF)

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

7.5 CVSS · 9.5 AI score · 0.01208 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/09/20 8:1 p.m. · 12 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.7 AI score · 0.01208 EPSS
Exploits: 1 · References: 1

Cvelist
added 2022/09/20 8:1 p.m. · 24 views

CVE-2022-40357

A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter...

9.9 AI score · 0.01208 EPSS
Exploits: 1 · References: 1

CVE
added 2022/09/20 8:1 p.m. · 70 views

CVE-2022-40357

Z-BlogPHP

9.8 CVSS · 9.6 AI score · 0.01208 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2022/09/20 12:0 a.m. · 8 views

Z-BlogPHP code issue vulnerability

Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP 1.7.2 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file that allows a remote...

9.8 CVSS · 8.5 AI score · 0.01208 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/09/20 12:0 a.m. · 5 views

PT-2022-25359 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.7.3
Description: A security issue was discovered that allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter, due to a Server-Side...

9.8 CVSS · 9.4 AI score · 0.01208 EPSS
Exploits: 1 · References: 3

CNVD
added 2021/12/06 12:0 a.m. · 23 views

Z-BlogPHP arbitrary file upload vulnerability

Z-BlogPHP is an open source PHP-based blogging system from the Z-blog community. Z-BlogPHP is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted JPG files...

7.8 CVSS · 6.3 AI score · 0.00835 EPSS
Exploits: 0 · References: 1

CNVD
added 2021/12/06 12:0 a.m. · 24 views

Z-BlogPHP arbitrary file deletion vulnerability

Z-BlogPHP is an open source PHP-based blogging system from the Z-blog community. Z-BlogPHP is vulnerable to an arbitrary file deletion vulnerability that stems from the inclusion of an arbitrary file deletion vulnerability via appdel.php. No detailed vulnerability details are currently available...

9.1 CVSS · 3.4 AI score · 0.0093 EPSS
Exploits: 0 · References: 1

NVD
added 2021/12/02 11:15 p.m. · 20 views

CVE-2020-29177

Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \appdel.php...

9.1 CVSS · 0.0093 EPSS
Exploits: 0 · References: 1

OSV
added 2021/12/02 11:15 p.m. · 4 views

CVE-2020-29176

An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...

7.8 CVSS · 7.4 AI score · 0.00835 EPSS
Exploits: 0 · References: 1

NVD
added 2021/12/02 11:15 p.m. · 18 views

CVE-2020-29176

An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...

7.8 CVSS · 0.00835 EPSS
Exploits: 0 · References: 1

Prion
added 2021/12/02 11:15 p.m. · 16 views

Arbitrary file deletion

Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \appdel.php...

6.4 CVSS · 9.2 AI score · 0.0093 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2021/12/02 11:15 p.m. · 18 views

Design/Logic Flaw

An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file...

6.8 CVSS · 7.8 AI score · 0.00835 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/12/02 10:21 p.m. · 54 views

CVE-2020-29177

CVE-2020-29177 affects Z-BlogPHP v1.6.1.2100, with an arbitrary file deletion vulnerability exploitable via the path \app_del.php. The connected documents consistently identify the affected software and the vulnerability class but do not provide deeper technical specifics about the root cause bey...

9.1 CVSS · 9.3 AI score · 0.0093 EPSS
Exploits: 0 · References: 1 · Affected Software: 1