5 matches found
CVE-2026-34607
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
CVE-2026-34607
Summary: CVE-2026-34607 affects Emlog extractTo($path) without sanitizing ZIP entry names, enabling an authenticated admin to upload crafted ZIPs with ../ sequences to write arbitrary files on the server, including PHP web shells, resulting in Remote Code Execution (RCE). At publication, there ar...
CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
PT-2026-30265
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...
emlog 安全漏洞
Emlog is an open-source CMS website building system based on PHP and MySQL. Emlog versions 2.6.2 and earlier have security vulnerabilities. These vulnerabilities stem from the emUnZip function’s path traversal vulnerability, which could lead to arbitrary file writing and remote code execution...