CVE-2020-18268 Scanner

Z-BlogPHP is a popular open-source blogging platform used by many individuals and organizations for creating and managing content online. The platform offers a simple and user-friendly interface that makes it easy for bloggers to publish their articles, share their thoughts, and interact with their readers. With its intuitive features and customizable templates, Z-BlogPHP has become one of the most sought-after blogging platforms in the digital world.

However, despite its popularity and widespread usage, Z-BlogPHP is not immune to vulnerabilities. Recently, a critical security flaw was discovered in this platform that could expose sensitive information of its users to remote attackers. This vulnerability is identified as "CVE-2020-18268" and affects all versions of Z-BlogPHP v1.5.2 and lower.

When exploited, this vulnerability allows remote attackers to obtain sensitive information by manipulating the "redirect" parameter in the component "zb_system/cmd.php.". This means that an attacker can trick users into following a malicious link that appears to be legitimate but redirects them to a phishing site or an unsecured page. Once a user follows the link, the attacker can then gain access to their personal information, including login credentials, financial data, and other sensitive data.

At s4e.io, we strive to provide our users with the latest information on cybersecurity vulnerabilities like the one found in Z-BlogPHP. With the pro features of our platform, users can easily and quickly learn about vulnerabilities in their digital assets, allowing them to take necessary precautions to protect themselves and their data from potential threats. So, don't hesitate to subscribe to our platform and stay ahead of the game when it comes to securing your online presence.

REFERENCES

• https://github.com/zblogcn/zblogphp/issues/209
• https://github.com/zblogcn/zblogphp/issues/216