Zzw

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a reported issue in Z-BlogPHP where the `cmd.php` file is susceptible to XSS attacks via the `ZC BLOG SUBNAME` parameter or the `ZC UPLOAD FILETYPE` parameter. However, the software maintainer disputes the classification of this issue as a vulnerability. Recommendations: For Z-BlogPHP version 1.5.1.1740, as a temporary workaround, consider restricting access to the `cmd.php` file or sanitizing input for the `ZC BLOG SUBNAME` and `ZC UPLOAD FILETYPE` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a potential issue in Z-BlogPHP where the physical path of the web site may be leaked, as demonstrated by accessing certain files such as `admin footer.php`. However, it's noted that the software maintainer disputes this being classified as a vulnerability. Recommendations: For Z-BlogPHP version 1.5.1.1740, consider restricting access to sensitive files like `admin footer.php` to minimize potential information disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** YzmCMS version 3.6 **Description** The issue is related to an XSS vulnerability. It affects the index.php file through the `a`, `c`, or `m` parameters. **Recommendations** For YzmCMS version 3.6, consider restricting access to the vulnerable parameters `a`, `c`, and `m` in the index.php file to minimize the risk of exploitation.