CVE-2026-6650

Z-BlogPHP 1.7.5 contains a vulnerability in the App::UnPack function of /zb_users/plugin/AppCentre/app_upload.php (ZBA File Handler) that allows unrestricted file upload. Impact is described as unrestricted upload with network/remote initiation; exploitation is publicly available per the CVE entr...

CVE-2018-18842

CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

Z-BlogPHP Cross-Site Request Forgery Vulnerability

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site request forgery vulnerability exists in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability to delete the users directory and files with the help of the...

CVE-2018-6656

Z-BlogPHP 1.5.1 has CSRF via zbusers/plugin/AppCentre/appdel.php, as demonstrated by deleting files and directories...

CVE-2018-6656

Z-BlogPHP 1.5.1 has CSRF via zbusers/plugin/AppCentre/appdel.php, as demonstrated by deleting files and directories...