Github123Abc123

**Name of the Vulnerable Software and Affected Versions** Z-BlogPHP versions 1.5.2 and earlier **Description** The issue allows remote attackers to obtain sensitive information via the `redirect` parameter in the `zb system/cmd.php` component. This can enable an attacker to redirect users to arbitrary websites, potentially leading to phishing attacks using specially crafted URLs. **Recommendations** For Z-BlogPHP versions 1.5.2 and earlier, consider disabling the `redirect` parameter in the `zb system/cmd.php` component as a temporary workaround until a patch is available. Restrict access to the `zb system/cmd.php` component to minimize the risk of exploitation. Avoid using the `redirect` parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.