Submeter #793451: Z-Blog Z-BlogPHP 1.7.5 Upload any fileinformação

TítuloZ-Blog Z-BlogPHP 1.7.5 Upload any file
DescriçãoZ-BlogPHP `App::UnPack()` method parses application packages (ZBA files) by decoding base64-encoded file content and writing it directly to the filesystem without any security verification. Attackers can craft malicious ZBA files to upload files containing malicious code, thereby achieving remote code execution.
Fonte⚠️ https://github.com/qingyun985/Cyber-Security/issues/3
Utilizador
 qingyunsec (UID 96803)
Submissão31/03/2026 08h26 (há 22 dias)
Moderação20/04/2026 07h43 (20 days later)
EstadoAceite
Entrada VulDB358284 [Z-BlogPHP 1.7.5 ZBA File app_upload.php App::UnPack Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!