Skip to main content

Z Blogphp

17 CVEs product

Monthly

CVE-2024-55529 CRITICAL This Week

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Z Blogphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-39203 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Z Blogphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-40357 CRITICAL POC Act Now

A security issue was discovered in Z-BlogPHP <= 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Z Blogphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2018-19556 MEDIUM POC This Month

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-19463 HIGH This Week

zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE PHP Z Blogphp
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-18842 HIGH POC This Week

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Z Blogphp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-18381 MEDIUM POC This Month

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-11209 HIGH POC This Week

An issue was discovered in Z-BlogPHP 2.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Z Blogphp
NVD GitHub
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-11208 MEDIUM POC This Month

An issue was discovered in Z-BlogPHP 2.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Z Blogphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-10680 MEDIUM POC This Month

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-9169 MEDIUM This Month

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS PHP Z Blogphp
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-9153 HIGH This Week

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload CSRF PHP Z Blogphp
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-8893 HIGH This Week

Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Z Blogphp
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-7737 MEDIUM POC This Month

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
8.6%
CVE-2018-7736 MEDIUM POC This Month

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.3%
CVE-2018-6846 MEDIUM This Month

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-6656 MEDIUM POC PATCH This Month

Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Z Blogphp
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL This Week

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Z Blogphp
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Z Blogphp
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A security issue was discovered in Z-BlogPHP <= 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Z Blogphp
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Z Blogphp
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An issue was discovered in Z-BlogPHP 2.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Z Blogphp
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in Z-BlogPHP 2.0.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Z Blogphp
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM This Month

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS PHP +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload CSRF PHP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Z Blogphp
NVD
EPSS 9% CVSS 5.3
MEDIUM POC This Month

In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM POC This Month

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM This Month

Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Z Blogphp
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Z Blogphp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy