A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-11-13
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
CVSS Score
9.8
EPSS Score
0.091
Published
2021-12-14
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
CVSS Score
9.8
EPSS Score
0.228
Published
2021-05-06
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
CVSS Score
5.3
EPSS Score
0.394
Published
2021-02-08
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-10-01
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
CVSS Score
9.8
EPSS Score
0.028
Published
2019-09-25