Submit #793451: Z-Blog Z-BlogPHP 1.7.5 Upload any fileinfo

TitleZ-Blog Z-BlogPHP 1.7.5 Upload any file
DescriptionZ-BlogPHP `App::UnPack()` method parses application packages (ZBA files) by decoding base64-encoded file content and writing it directly to the filesystem without any security verification. Attackers can craft malicious ZBA files to upload files containing malicious code, thereby achieving remote code execution.
Source⚠️ https://github.com/qingyun985/Cyber-Security/issues/3
User
 qingyunsec (UID 96803)
Submission03/31/2026 08:26 (3 months ago)
Moderation04/20/2026 07:43 (20 days later)
StatusAccepted
VulDB entry358284 [Z-BlogPHP 1.7.5 ZBA File app_upload.php App::UnPack unrestricted upload]
Points19

Do you know our Splunk app?

Download it now for free!