58 matches found
PT-2026-41539
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb system/function/c system event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been...
EUVD-2026-23876
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...
CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...
PT-2026-33780
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb users/plugin/AppCentre/app upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available...
EUVD-2007-3075
Malware in sbrugna...
Z-BlogPHP 安全漏洞
Z-BlogPHP is an open source PHP-based blogging system for the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 1.7.3, which stems from vulnerability to arbitrary code attack via zbusers hemeshell emplate execution...
PT-2024-28385 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.7.3 Description: A cross-site scripting XSS vulnerability in the Backend Theme Management module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Z-BlogPHP version 1.7.3...
CVE-2020-29177
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \appdel.php...
Z-BlogPHP 安全漏洞
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP version 1.6.0, which stems from the passwordvisitinputpassword function in zbuser/plugin/passwordvisit/include.php that uses loose comparisons for authentication, which...
File Upload Vulnerability in Z-Blog
Z-Blog is an open source program based on Asp and PHP platforms. Z-Blog has a file upload vulnerability that can be exploited by an attacker to gain control of the web server...
CVE-2018-9153
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...
Z-Blog 1.5.1.1740 - Cross-Site Scripting
Z-Blog 1.5.1.1740 - Cross-Site Scripting Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS...
Z-Blog 1.5.1.1740 Full Path Disclosure
Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7737 This is a WebSite physical path...
Z-Blog 1.5.1.1740 - Full Path Disclosure
Z-Blog 1.5.1.1740 - Full Path Disclosure Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE :...
Z-Blog 1.5.1.1740 Cross Site Scripting
Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS vulnerability than can attack the users. poc:...
Z-Blog 1.5.1.1740 - Cross-Site Scripting
Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS vulnerability than can attack the users. poc:...
Z-Blog 1.5.1.1740 - Full Path Disclosure
Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7737 This is a WebSite physical path...
Z-Blog 1.5.1.1740 - Full Path Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Exploit Author: zzw email protected Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE :...
Z-Blog 1.5.1.1740 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Exploit Author: zzw email protected Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS...
CVE-2018-8893
Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...