| عنوان | Z-Blog Z-BlogPHP 1.7.5 Upload any file |
|---|
| الوصف | Z-BlogPHP `App::UnPack()` method parses application packages (ZBA files) by decoding base64-encoded file content and writing it directly to the filesystem without any security verification. Attackers can craft malicious ZBA files to upload files containing malicious code, thereby achieving remote code execution. |
|---|
| المصدر | ⚠️ https://github.com/qingyun985/Cyber-Security/issues/3 |
|---|
| المستخدم | qingyunsec (UID 96803) |
|---|
| ارسال | 31/03/2026 08:26 AM (21 أيام منذ) |
|---|
| الاعتدال | 20/04/2026 07:43 AM (20 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 358284 [Z-BlogPHP 1.7.5 ZBA File app_upload.php App::UnPack تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|