Shodan
Vulnerabilities
Vulnerable Software
Emlog:  >> Emlog  >> 2.5.9  Security Vulnerabilities
CVE-2025-47787
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-05-15
CVE-2025-47784
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with empty, causing deserialization to fail and return `false`. Commit 9643250802188b791419e3c2188577073256a8a2 fixes the issue.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-05-15
CVE-2025-47785
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists.
CVSS Score
8.3
EPSS Score
0.003
Published
2025-05-15
CVE-2022-3968
A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-11-13
CVE-2019-17073
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-10-01
CVE-2019-16868
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
CVSS Score
9.8
EPSS Score
0.028
Published
2019-09-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved