CVE-2018-19556 — MEDIUM (4.3)

Vulnerability Description

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zblogcn	Z-Blogphp	1.5

Related Weaknesses (CWE)

CWE-20

References

https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/bee6dba066b3f9aa378dcde63e1eExploitThird Party Advisory
https://github.com/zblogcn/zblogphp/issues/205Third Party Advisory
https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/bee6dba066b3f9aa378dcde63e1eExploitThird Party Advisory
https://github.com/zblogcn/zblogphp/issues/205Third Party Advisory

FAQ

What is CVE-2018-19556?

CVE-2018-19556 is a vulnerability with a CVSS score of 4.3 (MEDIUM). zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability

How severe is CVE-2018-19556?

CVE-2018-19556 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19556?

Check the references section above for vendor advisories and patch information. Affected products include: Zblogcn Z-Blogphp.