CVE-2018-18381
Z-BlogPHP 1.5.2.1935 (Zero) is affected by a stored XSS in zb_system/function/c_system_admin.php, exploitable via the Content-Type header during image attachment uploads. Affected component is the server-side upload handling in zb_system/function/c_system_admin.php; the issue allows injection of ...