CVE-2026-8747

6.3 MEDIUM

A weakness has been identified in Z-BlogPHP 1.7.4.3430

Published: 2026-05-17 · Last updated: 2026-05-18

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266, CWE-285

Description

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8747
[Other]https://vuldb.com/submit/810027
[Other]https://vuldb.com/vuln/364334
[Other]https://vuldb.com/vuln/364334/cti
[Other]https://vulnplus-note.wetolink.com/share/31wtzNoJbxKQ

Related CVEs

Same CWE

CVE-2026-53862 — OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with... (4.2 MEDIUM)
CVE-2026-53847 — OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators wit... (5.4 MEDIUM)
CVE-2026-49780 — Customer Privilege Escalation in Dokan <= 5.0.2 versions (8.8 HIGH)
CVE-2026-49083 — Contributor Privilege Escalation in LatePoint <= 5.5.1 versions (7.5 HIGH)
CVE-2026-49063 — Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions (7.3 HIGH)