CVE-2018-18842: CSRF
First published: Tue Oct 30 2018(Updated: )
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zblogcn Z-blogphp | =1.5.2.1935\(zero\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this CSRF vulnerability?
The vulnerability ID for this CSRF vulnerability is CVE-2018-18842.
Where does the CSRF vulnerability exist in Z-BlogPHP?
The CSRF vulnerability exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero).
What is the severity of the CSRF vulnerability in Z-BlogPHP?
The severity of the CSRF vulnerability in Z-BlogPHP is high with a severity value of 8.8.
How can the CSRF vulnerability be exploited?
The CSRF vulnerability can be exploited by remote attackers to execute arbitrary PHP code.
Are there any references available for this CSRF vulnerability?
Yes, there are references available for this CSRF vulnerability: 1. https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx 2. https://github.com/zblogcn/zblogphp/issues/201
- collector/nvd-index
- vendor/zblogcn
- canonical/zblogcn z-blogphp
- version/zblogcn z-blogphp/1.5.2.1935\(zero\)