CVE-2018-7736
MEDIUM
Z-BlogPHP 1.5.1.1740 - Cross-Site Scripting via cmd.php Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-7736. PoCs published by zzw.
AI-analyzed exploit summary
This exploit demonstrates a stored XSS vulnerability in Z-Blog 1.5.1.1740 via the ZC_BLOG_SUBNAME and ZC_UPLOAD_FILETYPE parameters. The PoC includes crafted POST data that injects malicious JavaScript, which executes when rendered in the application.
Description
In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability.
Exploits (1)
References (4)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N