Max CVSS | 6.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-7736 | 4.3 |
In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability
|
11-04-2024 - 01:02 | 06-03-2018 - 21:29 | |
CVE-2018-7737 | 5.0 |
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability
|
11-04-2024 - 01:02 | 06-03-2018 - 21:29 | |
CVE-2018-19463 | 6.5 |
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "W
|
11-04-2024 - 01:01 | 22-11-2018 - 21:29 | |
CVE-2018-19556 | 4.3 |
zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability
|
11-04-2024 - 01:01 | 26-11-2018 - 07:29 | |
CVE-2018-11208 | 3.5 |
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that
|
11-04-2024 - 01:00 | 16-05-2018 - 15:29 | |
CVE-2018-11209 | 4.0 |
An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the ven
|
11-04-2024 - 01:00 | 16-05-2018 - 15:29 | |
CVE-2018-10680 | 4.3 |
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE:
|
11-04-2024 - 00:59 | 02-05-2018 - 19:29 |