CVE-2020-18268

Name of the Vulnerable Software and Affected Versions Z-BlogPHP versions 1.5.2 and earlier

Description The issue allows remote attackers to obtain sensitive information via the redirect parameter in the zb system/cmd.php component. This can enable an attacker to redirect users to arbitrary websites, potentially leading to phishing attacks using specially crafted URLs.

Recommendations For Z-BlogPHP versions 1.5.2 and earlier, consider disabling the redirect parameter in the zb system/cmd.php component as a temporary workaround until a patch is available. Restrict access to the zb system/cmd.php component to minimize the risk of exploitation. Avoid using the redirect parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.