Lucene search
K

220 matches found

Cvelist
Cvelist
added 2018/04/15 2:0 p.m.21 views

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

7.8AI score0.01226EPSS
Exploits0References1
CVE
CVE
added 2018/04/15 2:0 p.m.50 views

CVE-2018-9169

CVE-2018-9169 affects Z-BlogPHP 1.5.1 with a Cross-Site Scripting (XSS) vulnerability via the app_id parameter in zb_users/plugin/AppCentre/plugin_edit.php. The component must be accessed directly by an administrator or via CSRF. Root cause: improper handling of the app_id input enabling script i...

4.8CVSS4.9AI score0.00518EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/04/15 2:0 p.m.44 views

CVE-2018-9153

The CVE concerns Z-BlogPHP 1.5.1. The plugin upload component enables remote PHP code execution via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php due to an unanchored regular expression. Access must be direct by an administrator or via CSRF. This is a distinct issue from CVE-2...

7.2CVSS8.2AI score0.01226EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/02 12:0 a.m.5 views

Z-BlogPHP Cross-Site Request Forgery Vulnerability

Z-BlogPHP is a powerful blogging program. A cross-site request forgery vulnerability exists in pluginedit.php in Z-BlogPHP 1.5.1 Zero. An attacker can exploit this vulnerability to execute arbitrary PHP code...

8.8CVSS7.4AI score0.00465EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/03/31 10:29 p.m.4 views

CVE-2018-8893

Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...

8.8CVSS6AI score0.00465EPSS
Exploits0References2
Prion
Prion
added 2018/03/31 10:29 p.m.19 views

Cross site request forgery (csrf)

Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...

6.8CVSS7.4AI score0.00465EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/31 10:29 p.m.18 views

CVE-2018-8893

Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...

8.8CVSS7.5AI score0.00465EPSS
Exploits0References1
CVE
CVE
added 2018/03/31 10:0 p.m.53 views

CVE-2018-8893

Z-BlogPHP 1.5.1 Zero contains a CSRF flaw in plugin_edit.php that can lead to remote arbitrary PHP code execution. Affected component: plugin_edit.php within Z-BlogPHP 1.5.1 Zero. Root cause: cross-site request forgery enabling code execution (as described in CVE-2018-8893). The connected documen...

8.8CVSS7.5AI score0.00465EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/31 10:0 p.m.19 views

CVE-2018-8893

Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...

7.8AI score0.00465EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/07 12:0 a.m.2 views

Z-BlogPHP Website Physical Path Disclosure Vulnerability

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 1.5.1.1740. An attacker can exploit the vulnerability to obtain a physical path...

5.3CVSS6.6AI score0.08817EPSS
Exploits5References1
Prion
Prion
added 2018/03/06 9:29 p.m.17 views

Design/Logic Flaw

DISPUTED In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZCBLOGSUBNAME parameter or ZCUPLOADFILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

4.3CVSS5.9AI score0.03393EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2018/03/06 9:29 p.m.17 views

Design/Logic Flaw

DISPUTED In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by adminfooter.php or adminfooter.php. NOTE: the software maintainer disputes that this is a vulnerability...

5CVSS5.2AI score0.08817EPSS
Exploits5References4Affected Software1
NVD
NVD
added 2018/03/06 9:29 p.m.26 views

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZCBLOGSUBNAME parameter or ZCUPLOADFILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

6.1CVSS6AI score0.03393EPSS
Exploits5References4
NVD
NVD
added 2018/03/06 9:29 p.m.27 views

CVE-2018-7737

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by adminfooter.php or adminfooter.php. NOTE: the software maintainer disputes that this is a vulnerability...

5.3CVSS5.2AI score0.08817EPSS
Exploits5References4
CVE
CVE
added 2018/03/06 9:0 p.m.68 views

CVE-2018-7737

Z-BlogPHP 1.5.1.1740 has a reported Web Site physical path leakage vulnerability. The issue is described as path disclosure affecting admin/footer and related admin files, with the maintainer disputing it as a vulnerability. Public PoCs/Exploits exist (e.g., Exploit-DB, PacketStorm, Exploit packs...

5.3CVSS5.1AI score0.08817EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2018/03/06 9:0 p.m.64 views

CVE-2018-7736

Z-BlogPHP 1.5.1.1740 has an XSS issue in cmd.php exploitable via ZC_BLOG_SUBNAME or ZC_UPLOAD_FILETYPE (observed payloads demonstrate client-side script injection). The CVE entry notes the maintainer disputes this as a vulnerability. Connected sources (Exploit-DB, 1337DAY, PacketStorm) describe w...

6.1CVSS5.9AI score0.03393EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2018/03/06 9:0 p.m.25 views

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZCBLOGSUBNAME parameter or ZCUPLOADFILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

6AI score0.03393EPSS
Exploits5References4
Cvelist
Cvelist
added 2018/03/06 9:0 p.m.30 views

CVE-2018-7737

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by adminfooter.php or adminfooter.php. NOTE: the software maintainer disputes that this is a vulnerability...

5.1AI score0.08817EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2018/03/06 12:0 a.m.4 views

PT-2018-18248 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a potential issue in Z-BlogPHP where the physical path of the web site may be leaked, as demonstrated by accessing certain files such as admin footer.php. However, it's noted that the softwar...

5.3CVSS6.4AI score0.08817EPSS
Exploits5References5
Prion
Prion
added 2018/02/08 4:29 p.m.24 views

Path traversal

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zbsystem/function/lib/upload.php...

5CVSS5.3AI score0.01472EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder