CVE-2018-19556

Опубликовано: 26 нояб. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability

Ссылки

https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/bee6dba066b3f9aa378dcde63e1e0ffad6ad0f49/Url%20hijacking
Exploit
Third Party Advisory
https://github.com/zblogcn/zblogphp/issues/205
Third Party Advisory
https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/bee6dba066b3f9aa378dcde63e1e0ffad6ad0f49/Url%20hijacking
Exploit
Third Party Advisory
https://github.com/zblogcn/zblogphp/issues/205
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zblogcn:z-blogphp:1.5:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.0025

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-gv3m-w682-jc3j

CVSS3: 4.3

github

больше 3 лет назад

** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability.

EPSS

Процентиль: 48%

0.0025

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20