4 matches found
CVE-2025-52136
In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...
PT-2025-32464 · Emqx · Emqx
Name of the Vulnerable Software and Affected Versions: EMQX versions prior to 5.8.6 Description: Administrators could install arbitrary novel plugins via the Dashboard web interface. The supplier considers this intended behavior; however, version 5.8.6 introduced a defense-in-depth feature...
📄 EMQX 5.8.5 Remote Code Execution
A remote code execution vulnerability exists in the EMQX Dashboard component of EMQX, up to and including version 5.8.5. Authenticated users can upload plugins containing arbitrary code, including any kind of Erlang code, which may be executed on the server hosting the web interface. This is...
CVE-2021-46434
EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid...