First published: Tue Oct 30 2018
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zblogcn Z-blogphp | =1.5.2.1935(zero) | |
The vulnerability ID for this CSRF vulnerability is CVE-2018-18842.
The CSRF vulnerability exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero).
The severity of the CSRF vulnerability in Z-BlogPHP is high with a severity value of 8.8.
The CSRF vulnerability can be exploited by remote attackers to execute arbitrary PHP code.
References for this CSRF vulnerability:

1. https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx
2. https://github.com/zblogcn/zblogphp/issues/201