Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-19463

zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2018-19463
  • Zblogcn » Z-Blogphp » Version: 1.5
    cpe:2.3:a:zblogcn:z-blogphp:1.5
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-2
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-2
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-3
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-3
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-4
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-4
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-5
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-5
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-6
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-6
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-7
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-7
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1525-8
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1525-8
  • Zblogcn » Z-Blogphp » Version: 1.5.0.1626
    cpe:2.3:a:zblogcn:z-blogphp:1.5.0.1626
  • Zblogcn » Z-Blogphp » Version: 1.5.1
    cpe:2.3:a:zblogcn:z-blogphp:1.5.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved