Emlog

Emlog

92 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-47787

Exploit
  • EPSS 1.8%
  • Veröffentlicht 15.05.2025 19:27:03
  • Zuletzt bearbeitet 01.07.2025 14:42:21

Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded...

9.8

CVE-2025-47784

  • EPSS 0.76%
  • Veröffentlicht 15.05.2025 19:21:15
  • Zuletzt bearbeitet 20.10.2025 17:19:08

Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with empty, causing deseriali...

9.8

CVE-2025-30372

Exploit
  • EPSS 0.27%
  • Veröffentlicht 28.03.2025 14:51:41
  • Zuletzt bearbeitet 14.04.2025 14:49:16

Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by ...

6.3

CVE-2025-29405

Exploit
  • EPSS 0.19%
  • Veröffentlicht 19.03.2025 00:00:00
  • Zuletzt bearbeitet 12.06.2025 19:35:35

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.

9.8

CVE-2025-29401

Exploit
  • EPSS 0.69%
  • Veröffentlicht 19.03.2025 00:00:00
  • Zuletzt bearbeitet 16.06.2025 18:49:10

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.

6.8

CVE-2025-25827

  • EPSS 0.12%
  • Veröffentlicht 26.02.2025 15:15:28
  • Zuletzt bearbeitet 07.04.2025 18:52:32

A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.

7.1

CVE-2025-25825

  • EPSS 0.14%
  • Veröffentlicht 26.02.2025 15:15:28
  • Zuletzt bearbeitet 07.04.2025 18:52:38

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.

7.3

CVE-2025-25823

  • EPSS 0.13%
  • Veröffentlicht 26.02.2025 15:15:28
  • Zuletzt bearbeitet 07.04.2025 18:52:44

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.

5.1

CVE-2025-25818

  • EPSS 0.13%
  • Veröffentlicht 26.02.2025 15:15:28
  • Zuletzt bearbeitet 07.04.2025 18:52:50

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.

9.8

CVE-2025-25783

  • EPSS 0.21%
  • Veröffentlicht 26.02.2025 15:15:26
  • Zuletzt bearbeitet 07.04.2025 19:11:53

An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.