Shodan
Vulnerabilities
Vulnerable Software
Zblogcn:  >> Z-Blogphp  >> 1.5.1  Security Vulnerabilities
CVE-2024-39203
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-07-08
CVE-2022-40357
A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2022-09-20
CVE-2020-18268
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
CVSS Score
6.1
EPSS Score
0.07
Published
2021-06-07
CVE-2018-19463
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication
CVSS Score
8.8
EPSS Score
0.012
Published
2018-11-22
CVE-2018-9153
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.
CVSS Score
7.2
EPSS Score
0.007
Published
2018-04-16
CVE-2018-9169
Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-16
CVE-2018-8893
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-03-31
CVE-2018-6846
Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-02-08
CVE-2018-6656
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-02-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved