Zblogcn: >> Z-Blogphp >> 1.6.1.2100 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-07-08
A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter.
CVSS Score
9.8
EPSS Score
0.025
Published
2022-09-20
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-12-02
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-12-02