Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a direct request to zb_system/function/lib/upload.php.

References

https://github.com/zblogcn/zblogphp/issues/176