| 제목 | Z-Blog Z-BlogPHP 1.7.5 Upload any file |
|---|
| 설명 | Z-BlogPHP `App::UnPack()` method parses application packages (ZBA files) by decoding base64-encoded file content and writing it directly to the filesystem without any security verification. Attackers can craft malicious ZBA files to upload files containing malicious code, thereby achieving remote code execution. |
|---|
| 원천 | ⚠️ https://github.com/qingyun985/Cyber-Security/issues/3 |
|---|
| 사용자 | qingyunsec (UID 96803) |
|---|
| 제출 | 2026. 03. 31. AM 08:26 (25 날 ago) |
|---|
| 모더레이션 | 2026. 04. 20. AM 07:43 (20 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358284 [Z-BlogPHP 1.7.5 ZBA File app_upload.php App::UnPack 권한 상승] |
|---|
| 포인트들 | 19 |
|---|