CVE-2018-19463

zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
zblogcnz-blogphp
𝑥
≤ 1.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/master/Getshell
https://github.com/zblogcn/zblogphp/issues/205
https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/master/Getshell
https://github.com/zblogcn/zblogphp/issues/205