CVE-2018-11209
HIGH
Z-BlogPHP 2.0.0 - Use of a Broken or Risky Cryptographic Algorithm in Password Verification
Title source: llmDescription
An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/zblogcn/zblogphp/issues/205
Exploit, Third Party Advisory x_refsource_misc
https://github.com/zblogcn/zblogphp/issues/188
Scores
CVSS v3
7.2
EPSS
0.0102
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-327
Status
published
Products (1)
zblogcn/z-blogphp
2.0.0
Published
May 16, 2018
Tracked Since
Feb 18, 2026