907 matches found
CVE-2026-31954 Emlog asynchronous media file deletion missing CSRF protection
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken, enabling CSRF attacks...
CVE-2026-31954
CVE-2026-31954 affects Emlog prior to 2.6.7 (2.6.6 and earlier), where the delete_async action omits a call to LoginAuth::checkToken(), enabling CSRF attacks against asynchronous deletions. Root cause is the missing CSRF token validation in the delete path. Documented impact is CSRF exposure; no ...
EUVD-2026-11319
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken, enabling CSRF attacks...
CVE-2026-31954
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken, enabling CSRF attacks...
PT-2026-24803
CVE-2026-31954 Emlog is an open source website building system. In 2.6.6 and earlier, the delete async action asynchronous delete lacks a call to LoginAuth::checkToken, enabling… https://t.co/jGjg6aBhCJ...
emlog Cross-Site Request Forgery Vulnerability
Emlog is an open-source CMS website building system based on PHP and MySQL. Emlog 2.6.6 and earlier versions have a cross-site request forgery vulnerability. This vulnerability stems from the lack of token checks in the delete_async operation, which may lead to cross-site request forgery...
CVE-2026-22799
Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint /index.php?rest-api=upload for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers with a valid API key ...
CVE-2026-22799
Summary: CVE-2026-22799 affects the open-source CMS emlog. Versions prior to 2.6.1 expose the REST API endpoint /index.php?rest-api=upload without proper validation of file types, extensions, or content. This allows authenticated attackers (with a valid API key or an admin session cookie) to uplo...
EUVD-2026-1995
Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint /index.php?rest-api=upload for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers with a valid API key ...
CVE-2026-22799 emlog Arbitrary File Upload Vulnerability
Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint /index.php?rest-api=upload for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers with a valid API key ...
PT-2026-2311
Name of the Vulnerable Software and Affected Versions: Emlog versions prior to 2.6.1. Description: Emlog is a website building system. Versions prior to 2.6.1 expose a REST API endpoint '/index.php?rest-api=upload' for media file uploads. This endpoint does not properly validate file types,...
emlog Code Issue Vulnerability
emlog is an open-source CMS website building system based on PHP and MySQL. emlog v2.6.1 and earlier versions have a code issue vulnerability. The vulnerability stems from the REST API endpoint not implementing proper validation of file types, extensions and content, which could lead to an...
CVE-2023-43267
A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...
CVE-2023-43291
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component...
CVE-2021-31737
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php...