CVE-2018-19556

Name of the Vulnerable Software and Affected Versions Z-BlogPHP version 1.5

Description The issue in Z-BlogPHP relates to the mishandling of file preview in the zb system/admin/index.php?act=UploadMng endpoint, potentially leading to content spoofing. However, it's noted that the software maintainer disputes this as a vulnerability.

Recommendations For Z-BlogPHP version 1.5, as a temporary workaround, consider restricting access to the UploadMng act in the index.php file until the dispute is resolved or further guidance is provided. At the moment, there is no information about a newer version that contains a fix for this issue.