CVE-2020-18268
MEDIUM NUCLEIZ-BlogPHP < 1.5.2 - Open Redirect via zb_system/cmd.php Redirect Parameter
Title source: llmExploitation Summary
CVE-2020-18268 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."
Nuclei Templates (1)
Z-Blog <=1.5.2 - Open Redirect
MEDIUMby 0x_Akoko
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/zblogcn/zblogphp/issues/216
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/zblogcn/zblogphp/issues/209
Scores
CVSS v3
6.1
EPSS
0.0269
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
zblogcn/z-blogphp
< 1.5.2
Published
Jun 07, 2021
Tracked Since
Feb 18, 2026