Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.
References
| Link | Resource |
|---|---|
| https://github.com/zblogcn/zblogphp/commit/c51da34a27798b5fe6d1cb5133a15da6a6384e43 | Patch |
| https://github.com/zblogcn/zblogphp/issues/175 | Exploit, Issue Tracking, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-06T14:00:00
Updated: 2018-02-06T14:57:02
Reserved: 2018-02-05T00:00:00
Link: CVE-2018-6656
NVD Information
Status: Analyzed
Published: 2018-02-06T14:29:00.537
Modified: 2018-03-13T18:15:06.880
Link: CVE-2018-6656
Redhat Information
No data.
CWE