First published: Wed May 16 2018
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zblogcn Z-blogphp | =2.0.0 | |
CVE-2018-11209 is a vulnerability in Z-BlogPHP 2.0.0 that allows attackers to bypass access restrictions.
The severity of CVE-2018-11209 is high with a CVSS score of 7.2.
CVE-2018-11209 allows attackers to bypass access restrictions in Z-BlogPHP 2.0.0 by exploiting the use of MD5 for the password parameter.
The vendor has not accepted this vulnerability as valid, so there is currently no official fix available.
More information about CVE-2018-11209 is available at the following references: https://github.com/zblogcn/zblogphp/issues/188 and https://github.com/zblogcn/zblogphp/issues/205