CVE-2018-9153
The CVE concerns Z-BlogPHP 1.5.1. The plugin upload component enables remote PHP code execution via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php due to an unanchored regular expression. Access must be direct by an administrator or via CSRF. This is a distinct issue from CVE-2...