CVE-2020-18268

MEDIUM NUCLEI

Z-BlogPHP <1.5.2 - Open Redirect

Title source: llm

Description

Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."

Nuclei Templates (1)

Z-Blog <=1.5.2 - Open Redirect

MEDIUMby 0x_Akoko

References (2)

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/zblogcn/zblogphp/issues/209

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/zblogcn/zblogphp/issues/216

Scores

CVSS v3 6.1

EPSS 0.0699

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (1)

zblogcn/z-blogphp < 1.5.2

Published Jun 07, 2021

Tracked Since Feb 18, 2026