417 matches found
CVE-2025-61318
CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...
CVE-2025-62717
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
Emlog Pro 安全漏洞
Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro version 2.5.23, which stems from an error in the session CAPTCHA clearing logic that could lead to CAPTCHAs being reused...
CVE-2025-62717
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717
CVE-2025-62717 affects Emlog Pro 2.5.23, where a clearing-logic error in session verification code allows reuse of verification codes. The issue has a fix in commit 1f726df. Remediation: upgrade to a version including the fix (per the cited advisories). If upgrading is not possible, apply the pat...
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
EUVD-2025-35889
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
PT-2025-43672
Name of the Vulnerable Software and Affected Versions Emlog versions prior to the commit 1f726df Emlog Pro version 2.5.23 Description Emlog Pro version 2.5.23 contains a flaw related to session verification codes. A clearing logic error allows the reuse of email verification codes in any context...
CVE-2025-61930
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...
CVE-2025-61930
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...
EUVD-2025-33776
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...
CVE-2025-61930
CVE-2025-61930 affects Emlog Pro up to v2.5.19. The vulnerability is a Cross‑Site Request Forgery (CSRF) on the password change endpoint, allowing an attacker to trick a logged‑in administrator into submitting a POST that changes the admin password. The resulting impact is privileged account take...
CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...
CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...
PT-2025-41601
Name of the Vulnerable Software and Affected Versions Emlog Pro versions 2.5.19 and earlier Description Emlog Pro versions 2.5.19 and earlier are susceptible to a Cross-Site Request Forgery CSRF issue on the password change endpoint. This allows an attacker to trick a logged-in administrator into...
Emlog Pro 跨站请求伪造漏洞
Emlog Pro is an Emlog open source blogging system. A cross-site request forgery vulnerability exists in Emlog Pro version 2.5.19 and earlier versions, which stems from a cross-site request forgery in the password change endpoint that could lead to a privileged user account takeover...
CVE-2025-61599
Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...
CVE-2025-60448
A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...