Описание
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zblogcn:z-blogphp:1.5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00647
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.
EPSS
Процентиль: 70%
0.00647
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434