Vulnerabilities > Zblogcn

DATE CVE VULNERABILITY TITLE RISK
2021-12-02 CVE-2020-29176 Unrestricted Upload of File with Dangerous Type vulnerability in Zblogcn Z-Blogphp 1.6.1.2100
An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file.
network
zblogcn CWE-434
6.8
2021-12-02 CVE-2020-29177 Unspecified vulnerability in Zblogcn Z-Blogphp 1.6.1.2100
Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.
network
low complexity
zblogcn
6.4
2021-06-07 CVE-2020-18268 Open Redirect vulnerability in Zblogcn Z-Blogphp
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
network
zblogcn CWE-601
5.8
2021-01-27 CVE-2020-23352 Unspecified vulnerability in Zblogcn Z-Blogphp 1.6.0
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control.
network
low complexity
zblogcn
5.0
2018-11-26 CVE-2018-19556 Improper Input Validation vulnerability in Zblogcn Z-Blogphp 1.5
** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing.
network
zblogcn CWE-20
4.3
2018-11-22 CVE-2018-19463 Code Injection vulnerability in Zblogcn Z-Blogphp 1.5.0.1525/1.5.0.1626
** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI.
network
low complexity
zblogcn CWE-94
6.5
2018-10-30 CVE-2018-18842 Cross-Site Request Forgery (CSRF) vulnerability in Zblogcn Z-Blogphp 1.5.2.1935(Zero)
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
network
zblogcn CWE-352
6.8
2018-10-16 CVE-2018-18381 Cross-site Scripting vulnerability in Zblogcn Z-Blogphp 1.5.2.1935
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
network
zblogcn CWE-79
3.5
2018-05-16 CVE-2018-11209 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zblogcn Z-Blogphp 2.0.0
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0.
network
low complexity
zblogcn CWE-327
4.0
2018-05-16 CVE-2018-11208 Cross-site Scripting vulnerability in Zblogcn Z-Blogphp 2.0.0
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0.
network
zblogcn CWE-79
3.5