Back to search
CVE-2018-9153
Published: Apr 15, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://xz.aliyun.com/t/2277
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now