📦 Emlog
by Emlog
⚠️ Known Vulnerabilities
CVE-2026-21430 is a CSRF vulnerability in Emlog's article creation functionality that allows attackers to force users to post malicious articles. When combined with stored XSS, this can lead to accoun...
Emlog Pro 2.5.20 contains an arbitrary file deletion vulnerability in admin/template.php and admin/plugin.php components. Attackers can exploit directory traversal to delete critical system files with...
Emlog Pro 2.5.23 has a session verification code error that allows attackers to reuse email verification codes. This authentication bypass vulnerability affects all Emlog Pro installations using email...
Emlog Pro versions before 2.5.10 contain a critical file upload vulnerability in the store.php component that fails to properly validate remotely downloaded ZIP plugin files. This allows attackers to ...
Emlog versions 2.5.13 and prior contain a deserialization vulnerability where a user can craft a malicious nickname to cause deserialization failure. This could potentially lead to remote code executi...
Emlog Pro versions 2.5.7 and 2.5.8 contain an SQL injection vulnerability in search_controller.php due to improper input sanitization. Attackers can bypass addslashes protection using URL double encod...
This vulnerability allows attackers to upload arbitrary PHP files to Emlog Pro's template directory, leading to remote code execution. It affects Emlog Pro v2.2.0 installations with the vulnerable com...
CVE-2023-43291 is a critical deserialization vulnerability in emlog pro CMS that allows remote attackers to execute arbitrary code on affected systems. Attackers can exploit this via the cache.php com...
This vulnerability allows unauthenticated attackers to upload malicious PHP files through the plugin upload functionality in emlog, leading to remote code execution. It affects all emlog 5.3.1 install...
CVE-2020-21585 is a critical vulnerability in emlog v6.0.0 that allows authenticated users to upload malicious PHP webshells via the zip plugin module. This affects all emlog v6.0.0 installations with...
Emlog versions up to 2.5.19 are vulnerable to server-side request forgery (SSRF) via malicious SVG file uploads. Attackers can upload crafted SVG files that force the server to make HTTP requests to a...
Emlog versions 2.5.21 and below contain a stored cross-site scripting (XSS) vulnerability in mail template settings. An attacker with admin access can inject malicious JavaScript that executes when ot...
Emlog website building system contains a cross-site scripting (XSS) vulnerability in the keyword parameter that allows attackers to inject malicious JavaScript. This affects all emlog users up to pro-...
This critical SQL injection vulnerability in Emlog Pro allows remote attackers to manipulate database queries through the 'tag' parameter in api_controller.php. Successful exploitation could lead to d...
This cross-site scripting vulnerability in Emlog Pro v2.5.4 allows attackers to inject malicious scripts into article headers via the admin interface. When exploited, it enables execution of arbitrary...
This cross-site scripting vulnerability in Emlog Pro v2.5.4 allows attackers to inject malicious scripts into article category titles, which then execute in victims' browsers when viewing affected pag...
Emlog Pro version 2.1.14 contains a SQL injection vulnerability in the uid parameter at /admin/media.php. This allows attackers to execute arbitrary SQL commands on the database. Only administrators w...
CVE-2023-39121 is a SQL injection vulnerability in emlog v2.1.9 that allows attackers to execute arbitrary SQL commands via the /admin/user.php component. This affects all systems running the vulnerab...
This vulnerability allows remote attackers to upload arbitrary files via the /admin/plugin.php endpoint in EmlogCMS v6.0.0. Attackers can gain unauthorized access to sensitive information or potential...
Emlog 2.5.23 has a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. When executed, these scripts can lead to account takeover, includin...
Emlog 2.5.23 has a stored cross-site scripting vulnerability in the Resource Media Library function when publishing articles. This allows attackers to inject malicious scripts that execute when users ...
This vulnerability in Emlog CMS allows administrators to restrict users from editing or deleting their own published articles. It affects all users of Emlog version 2.5.23 who have article publishing ...
A stored XSS vulnerability in Emlog Pro 2.5.19 allows administrators to inject malicious HTML/JavaScript into email templates. This could lead to persistent script execution when other users view emai...
Emlog Pro up to version 2.5.18 contains an unrestricted file upload vulnerability in the avatar update function. Attackers can remotely upload malicious files to affected systems, potentially leading ...
Emlog website building system contains a reflected cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts via comment parameters. Attackers can steal session cookie...
Emlog 2.5.13 has a stored XSS vulnerability where any registered user can inject malicious JavaScript via the 'perpage_num' parameter in comment.php. This JavaScript executes when other users view aff...
This cross-site scripting (XSS) vulnerability in Emlog Pro allows attackers to inject malicious scripts into blog posts via the postStrVar function. Attackers can steal session cookies, redirect users...
This Server-Side Request Forgery vulnerability in Emlog Pro allows attackers to make the vulnerable server send requests to internal network resources. Attackers can scan local ports and potentially a...
This is a cross-site scripting (XSS) vulnerability in Emlog Pro's admin plugin management interface. Attackers can inject malicious scripts via the 'filter' parameter in /admin/plugin.php, potentially...
This vulnerability allows attackers to inject malicious scripts via the 'keyword' parameter in Emlog Pro's /admin/user.php file, leading to cross-site scripting (XSS). It affects Emlog Pro users up to...
This vulnerability allows attackers to inject malicious scripts into Emlog Pro blog management systems through the tag.php admin interface. Remote attackers can execute cross-site scripting attacks th...
Emlog Pro 2.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in twitter.php that can be combined with Cross-Site Scripting (XSS) to access administrator information. This affects websites ...
This vulnerability allows remote attackers to upload arbitrary files to emlog Pro installations, potentially leading to remote code execution. Attackers can exploit this by submitting specially crafte...