The vulnerability of the cmd.php component in the Z-BlogPHP blogging software allows a hacker to redirect users to arbitrary websites and carry out phishing attacks using a specially crafted URL.

The vulnerability of the cmd.php component in the Z-BlogPHP blog software relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites and carry out phishing attacks using specially crafted URLs...

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZCBLOGSUBNAME parameter or ZCUPLOADFILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...