CVE-2018-7736

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740

Description: There is a reported issue in Z-BlogPHP where the cmd.php file is susceptible to XSS attacks via the ZC BLOG SUBNAME parameter or the ZC UPLOAD FILETYPE parameter. However, the software maintainer disputes the classification of this issue as a vulnerability.

Recommendations: For Z-BlogPHP version 1.5.1.1740, as a temporary workaround, consider restricting access to the cmd.php file or sanitizing input for the ZC BLOG SUBNAME and ZC UPLOAD FILETYPE parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.