The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/BlYwPm5d4nU/detail.php