CVE-2026-6650

Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

CVSS 5.1 MEDIUMEPSS 0.2%CWE-284 CWE-434

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

n/a · Z-BlogPHP

PoCs públicas encontradas — 1

cve_referencegithub.com/qingyun985/Cyber-Security/issues/3no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/qingyun985/Cyber-Security/issues/3 https://vuldb.com/submit/793451 https://vuldb.com/vuln/358284 https://vuldb.com/vuln/358284/cti