CVE-2018-19556: Input Validation
First published: Mon Nov 26 2018(Updated: )
** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zblogcn Z-blogphp | =1.5 | |
| =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-19556.
What is the title of this vulnerability?
The title of this vulnerability is 'zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview'.
What is the severity of CVE-2018-19556?
The severity of CVE-2018-19556 is medium with a score of 4.3.
How does CVE-2018-19556 affect Z-BlogPHP?
CVE-2018-19556 affects Z-BlogPHP version 1.5.
Is there a fix available for CVE-2018-19556?
Yes, there is a fix available. Please refer to the software maintainer's response on the GitHub issue for more information.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/zblogcn
- canonical/zblogcn z-blogphp
- version/zblogcn z-blogphp/1.5