
List of fake or duplicated security vulnerabilities we declined to accept in 2018. #205

Closed
@zsxsoft


Duplicated

CVE-2018-7737

Author: @ponyma233
Detail: https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md (Deleted on 16/Feb)
Detail: https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html
Duplicate of CVE-2018-6846. We fixed them after CVE-2018-6846 was confirmed. See: 7f09eb1

CVE-2018-7736

Author: @ponyma233
Detail: https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md
Detail: https://packetstormsecurity.com/files/147066/Z-Blog-1.5.1.1740-Cross-Site-Scripting.html
Same as CVE-2018-10680 and CVE-2018-11208. We decline to accept it as a valid issue. If you get admin privilege, there are so many ways to self-XSS.

Useless

CVE-2018-10680

Author: @Oran9e
Detail: #185
We declined to accept a self-XSS with admin privilege.

CVE-2018-11208

Author: @Jayway007
Detail: #187
We declined to accept a self-XSS with admin privilege.

Fake

CVE-2018-19556

Author: @novysodope
Detail: https://github.com/novysodope/Z-BlogPHP1.5Zero/commit/49b1b99d2df0fd2a3ae61655b516a1c6bc998b57
It's Adobe's bug, not ours. As he said, see CVE-2017-1125 and CVE-2018-4901.

CVE-2018-19463

Author: @novysodope
Detail: https://github.com/novysodope/Z-BlogPHP1.5Zero/commit/8526931c1e5fbe185740d91f9b286c38d3401445
It's fake. We have no dynamic including. No one can run PHP by uploading an image in the current version. By the way, it needs authentication.

CVE-2018-11209

Author: @Jayway007
Detail: #188
It's a joke. I laughed.
