CVE-2026-6650 | Z-BlogPHP 1.7.5 ZBA File app_upload.php App::UnPack unrestricted upload

A vulnerability identified as critical has been detected in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload.

This vulnerability is listed as CVE-2026-6650. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More