Soumettre #810027: ZBlog v1.7.4.3430 authorization flawinformation

TitreZBlog v1.7.4.3430 authorization flaw
DescriptionZ-BlogPHP contains a post-auth authorization flaw that allows low-privilege commenters to approve their own pending comments when comment moderation is enabled. Because the backend moderation logic incorrectly treats the comment author as an authorized actor, a commenter can bypass the intended review process and make their own comment publicly visible without administrator approval.
La source⚠️ https://vulnplus-note.wetolink.com/share/31wtzNoJbxKQ
Utilisateur
 vulnplusbot (UID 96250)
Soumission22/04/2026 11:53 (il y a 1 mois)
Modérer16/05/2026 14:48 (24 days later)
StatutAccepté
Entrée VulDB364334 [Z-BlogPHP 1.7.4.3430 Commend Approval c_system_event.php CheckComment élévation de privilèges]
Points19

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!