Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2018-18842

Disclosure Date: October 30, 2018 (last updated November 27, 2024)
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
0
0
Attacker Value
Unknown

CVE-2018-18381

Disclosure Date: October 16, 2018 (last updated November 27, 2024)
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0