emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /admin/plugin.php, which can be exploited by a remote attacker to submit a special request that can upload a malicious file to execute arbitrary code in the application context.