| Название | Z-Blog Z-BlogPHP 1.7.5 Upload any file |
|---|
| Описание | Z-BlogPHP `App::UnPack()` method parses application packages (ZBA files) by decoding base64-encoded file content and writing it directly to the filesystem without any security verification. Attackers can craft malicious ZBA files to upload files containing malicious code, thereby achieving remote code execution. |
|---|
| Источник | ⚠️ https://github.com/qingyun985/Cyber-Security/issues/3 |
|---|
| Пользователь | qingyunsec (UID 96803) |
|---|
| Представление | 31.03.2026 08:26 (22 дни назад) |
|---|
| Модерация | 20.04.2026 07:43 (20 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 358284 [Z-BlogPHP 1.7.5 ZBA File app_upload.php App::UnPack эскалация привилегий] |
|---|
| Баллы | 19 |
|---|