4 matches found
CVE-2020-18268
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php".
CVE-2020-29177
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.
CVE-2020-23352
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.
CVE-2020-29176
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file.