Z-BlogPHP
cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*
- 1.7.5
A vulnerability in Z-BlogPHP version 1.7.5 allows for unrestricted file uploads through the 'App::UnPack' function in the 'app_upload.php' file, part of the 'AppCentre' plugin. This vulnerability arises because the application fails to validate the contents or types of files being uploaded. As a result, attackers can upload files containing malicious code, which can then be executed remotely, leading to unauthorized access or control over the affected system.
Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious code on the server, potentially leading to a full compromise of the web application or server.
To reproduce this vulnerability, log into the Z-BlogPHP admin panel and navigate to the 'Plugin Management' or 'Theme Management' section. Upload a crafted ZBA file that exploits the 'App::UnPack' method by including malicious PHP code disguised as a plugin or theme file. Once uploaded, the malicious code can be executed by accessing the uploaded file through the web server.
No known mitigation is available. It is recommended to remove the vulnerable plugin or theme management feature.
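As an added example (not Z-BlogPHP's own code, and not a fix the page describes), the following PHP shows the kind of per-entry validation the description says 'App::UnPack' lacks before unpacked files reach disk: path containment inside the declared app directory, file name rules, and an agreement check between a file's claimed type and its contents. The package structure, the "app id" field and all file names are constructed assumptions.

```php
<?php
// Added example, not Z-BlogPHP's own code: a pre-write filter for the entries
// of an unpacked plugin/theme package. The package is modelled as a constructed
// array of "relative path => bytes"; the real ZBA layout and the manifest
// field naming ("app id") are assumptions.

final class PackageEntryFilter
{
    // Server-executable extensions are never accepted from an upload.
    private const DENIED_EXT = ['phtml', 'phar', 'php3', 'php4', 'php5', 'php7', 'phps', 'shtml'];
    // These are expected to be static assets and must not carry PHP code.
    private const STATIC_EXT = ['css', 'js', 'png', 'jpg', 'jpeg', 'gif', 'svg', 'ico', 'txt', 'md', 'xml', 'json', 'html'];

    /** Returns null if the entry may be written, otherwise the rejection reason. */
    public static function check(string $appId, string $relPath, string $content): ?string
    {
        // 1. Path containment: every entry must stay inside the declared app directory.
        if ($relPath === '' || str_contains($relPath, "\0")) return 'empty path or NUL byte';
        $parts = explode('/', str_replace('\\', '/', $relPath));
        foreach ($parts as $p) {
            if ($p === '' || $p === '.' || $p === '..') return 'path traversal or empty segment';
        }
        if (count($parts) < 2 || $parts[0] !== $appId) return 'entry outside the declared app directory';

        // 2. File name rules: no dot-files (.htaccess, .user.ini), no denied or stacked extensions.
        $name = end($parts);
        $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if ($name[0] === '.') return 'hidden or server-config file';
        if (in_array($ext, self::DENIED_EXT, true)) return "denied extension .$ext";
        if (preg_match('/\.(php\d?|phtml|phar)\./i', $name)) return 'stacked extension';

        // 3. Type/content agreement: a static asset containing a PHP open tag is disguised code.
        if (in_array($ext, self::STATIC_EXT, true) && preg_match('/<\?(php\b|=|\s)/i', $content)) {
            return 'PHP open tag inside a static asset';
        }
        return null;
    }
}

// Constructed package for the illustrative app id "demoapp".
$entries = [
    'demoapp/plugin.xml'      => '<?xml version="1.0"?><plugin/>',
    'demoapp/include.php'     => '<?php /* plugin code is expected here */',
    'demoapp/logo.png'        => "\x89PNG\r\n\x1a\n<?php /* code hidden in an image */ ?>",
    'demoapp/../other/x.php'  => '<?php',
    'demoapp/a.php.jpg'       => 'not an image',
    'demoapp/.htaccess'       => '# constructed',
];
foreach ($entries as $path => $content) {
    printf("%-28s %s\n", $path, PackageEntryFilter::check('demoapp', $path, $content) ?? 'ok');
}
```

A plugin legitimately ships PHP, so checks like these catch traversal and disguised payloads but do not substitute for restricting who may install packages in the first place.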