CVE-2026-8747

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zbsystem/function/csystemevent.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made...

EUVD-2026-30696

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zbsystem/function/csystemevent.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made...

CVE-2026-6650

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

CVE-2026-6650 Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zbusers/plugin/AppCentre/appupload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available an...

EUVD-2020-16075

Malware in sbrugna...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

PT-2025-3126 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.7.3 Description: The issue allows for arbitrary code execution through the zb usersthemeshelltemplate. This enables an attacker to execute malicious code on the affected system. Recommendations: For Z-BlogPHP version 1.7.3...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

Cross site scripting

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

PT-2023-11646 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: ZblogPHP version 1.0 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted payload in the title parameter of the module management model. Recommendations: For ZblogPHP version 1.0, avoid usi...

CVE-2020-23327

ZblogPHP v1.0 has a Cross-Site Scripting vulnerability in the title parameter of the module management model that could let a local attacker execute arbitrary code. Root cause: improper handling of the title input in ZblogPHP 1.0. Impact is described as local code execution with a low-to-moderate...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

Code execution vulnerability in zblog php system

zblogphp is an open source program. A code execution vulnerability exists in the zblogphp system. An attacker can exploit the vulnerability to write files and gain server privileges...

CVE-2018-18842

CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-10489)

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in the Site Title field of the Base Settings on the Site Settings in Z-BlogPHP version 1.5.2. A remote attacker can exploit this vulnerability to inject arbitrary w...

Z-Blog 1.5.1.1740 - Full Path Disclosure

Z-Blog 1.5.1.1740 - Full Path Disclosure Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE :...