CVE-2026-8747 MEDIUM

CVE-2026-8747: Z-BlogPHP Commend Approval c_system_event.php CheckComment improper authorization

Vendor N/A

Product Z-BlogPHP

Weakness CWE-285

Published May 17, 2026

Last update May 18, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Key dates

Disclosure timeline

May 17, 2026 CVE published

May 18, 2026 Record updated