Emlog Security Vulnerabilities and Issues — Emlog CVE List

Lucene search

EmlogEmlog

14 matches found

CVE•added 2023/10/03 9:15 p.m.•78 views

CVE-2023-44974

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8CVSS9.6AI score0.14303EPSS

CVE•added 2023/10/03 9:15 p.m.•76 views

CVE-2023-44973

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8CVSS9.6AI score0.00443EPSS

CVE•added 2025/03/28 3:15 p.m.•72 views

CVE-2025-30372

Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. search_controller.php does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential...

9.8CVSS7.6AI score0.00044EPSS

CVE•added 2021/04/02 8:15 p.m.•64 views

CVE-2020-21585

Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.

9.8CVSS9.3AI score0.12995EPSS

CVE•added 2025/02/26 3:15 p.m.•63 views

CVE-2025-25783

An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.

9.8CVSS7.4AI score0.00209EPSS

CVE•added 2022/02/04 11:15 p.m.•57 views

CVE-2022-23379

Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().

9.8CVSS9.8AI score0.00555EPSS

CVE•added 2025/03/19 4:15 p.m.•50 views

CVE-2025-29401

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8CVSS7.5AI score0.0022EPSS

CVE•added 2025/05/23 9:15 p.m.•47 views

CVE-2025-5119

A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initiated remotely. The exploit has been disclose...

9.8CVSS7.4AI score0.00039EPSS

Web

CVE•added 2019/09/25 1:15 p.m.•43 views

CVE-2019-16868

emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.

9.8CVSS9.5AI score0.02784EPSS

Web

CVE•added 2021/05/06 9:15 p.m.•31 views

CVE-2021-31737

emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.

9.8CVSS9.7AI score0.22778EPSS

CVE•added 2021/12/14 7:15 p.m.•28 views

CVE-2021-40883

A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.

9.8CVSS9.6AI score0.09084EPSS

CVE•added 2023/09/27 3:19 p.m.•28 views

CVE-2023-43291

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.

9.8CVSS9.6AI score0.13133EPSS

CVE•added 2025/05/15 8:16 p.m.•26 views

CVE-2025-47784

Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit 9643250802188...

9.8CVSS6.5AI score0.00092EPSS

CVE•added 2025/05/15 8:16 p.m.•21 views

CVE-2025-47787

Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation a...

9.8CVSS7.5AI score0.00139EPSS