Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-7737. PoCs published by zzw.
AI-analyzed exploit summary This exploit demonstrates a physical path leakage vulnerability in Z-Blog 1.5.1.1740 by accessing specific PHP files directly, which triggers errors revealing the server's file system path. The PoC provides a list of URLs that, when accessed, expose the full path due to missing interface dependencies.
Description
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability
Exploits (1)
This exploit demonstrates a physical path leakage vulnerability in Z-Blog 1.5.1.1740 by accessing specific PHP files directly, which triggers errors revealing the server's file system path. The PoC provides a list of URLs that, when accessed, expose the full path due to missing interface dependencies.
References (4)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N