Lucene search
K

907 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 9:51 p.m.12 views

CVE-2026-42287 Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

10CVSS6.1AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 9:51 p.m.7 views

CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 9:51 p.m.14 views

CVE-2026-42286

The CVE-2026-42286 entry concerns Emlog, an open source website building system. Affected versions prior to 2.6.11 lack CSRF protection in critical admin functions, enabling an attacker to coerce authenticated admins into actions such as system registration, plugin management, and configuration c...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 9:51 p.m.34 views

CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:51 p.m.7 views

CVE-2026-42286

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/08 9:51 p.m.12 views

EUVD-2026-28841

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 9:50 p.m.11 views

EUVD-2026-28830

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

6AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 9:50 p.m.18 views

CVE-2026-41517

CVE-2026-41517 affects Emlog, an open source website building system. The vulnerability arises from an insecure plugin upload function in versions before 2.6.11, allowing an attacker to upload and execute arbitrary PHP code on the server, yielding complete server compromise and enabling a persist...

6AI score0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:50 p.m.7 views

CVE-2026-41517

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

6AI score0.00276EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/08 9:50 p.m.33 views

CVE-2026-41517 Emlog: Remote Code Execution via Malicious Plugin Upload

Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11...

0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

emlog 跨站请求伪造漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection in critical management functions, which could allow attackers to trick...

8.4CVSS5.8AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

emlog 代码问题漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had code vulnerabilities, which stemmed from an insecure plugin upload feature. This vulnerability could allow attackers to upload and execute arbitrary PHP code...

6.1AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

emlog SQL注入漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had a SQL injection vulnerability. This vulnerability stemmed from direct SQL injections in the article creation and updating functions, which could allow attackers to execute arbitrary S...

10CVSS6.1AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

6.5CVSS6.1AI score0.00511EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.3 views

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

6.5CVSS5.9AI score0.00343EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34229

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.3 views

CVE-2026-34228

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

8.7CVSS6.1AI score0.00188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.4 views

CVE-2026-34607

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...

7.2CVSS6.1AI score0.00874EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/05 7:33 a.m.51 views

Emlog-v2.6.9-Vulnerability-Report

Emlog-v2.6.9-Vulnerability-Report CVE ID: REQUESTED D...

6.2AI score
Exploits0
NVD
NVD
added 2026/04/03 11:17 p.m.2 views

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

6.5CVSS0.00343EPSS
Exploits1References1
Rows per page
Query Builder