PT-2018-10399 · Z Blogphp · Z-Blogphp

Jayway007 · Published 2018-05-16 · Updated 2024-08-05 · CVE-2018-11209

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Z-BlogPHP version 2.0.0

Description

An issue was discovered where the zb system/cmd.php API endpoint, specifically the act=verify action, relies on MD5 for the password parameter. This could potentially make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack.

Recommendations

For Z-BlogPHP version 2.0.0, consider using a stronger hashing algorithm for password verification as a mitigation measure. Avoid using the password parameter in the zb system/cmd.php?act=verify API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
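
One way to apply the "stronger hashing algorithm" recommendation without forcing a password reset, as an added example that is not Z-BlogPHP's own code: verify against the legacy MD5 value once, then replace it with a salted, slow hash on successful login. The function names and the assumption that legacy records hold a bare md5(password) hex digest are hypothetical.

```php
<?php
// Added example: hypothetical helper names; not Z-BlogPHP code.
// Assumption: legacy records store an unsalted md5(password) hex digest.

/** True when the stored value looks like a bare 32-char MD5 hex digest. */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
}

/**
 * Verify a login and return [ok, newStoredValueOrNull].
 * A non-null second element means the caller should persist it.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Constant-time compare against the legacy digest, one last time.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password: replace the MD5 digest with a salted, slow hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost has moved on.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample record: md5('correct horse') stands in for a legacy row.
$stored = md5('correct horse');

[$ok, $upgraded] = verify_and_upgrade('correct horse', $stored);
var_dump($ok);                                          // legacy login accepted
var_dump(is_legacy_md5($upgraded));                     // stored value is no longer MD5
var_dump(password_verify('correct horse', $upgraded));  // upgraded hash verifies
[$ok2] = verify_and_upgrade('wrong guess', $upgraded);
var_dump($ok2);                                         // wrong password rejected
```

Legacy digests that are never upgraded because the account does not log in remain exposed to dictionary and rainbow-table lookups, so such accounts need an expiry or forced reset.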

Exploit

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2018-11209

Affected Products

Z-Blogphp