Emlog ≫ Emlog

emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.

emlog v6.0.0 contains a SQL injection via /admin/comment.php.

emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.

An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.

Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.

emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.

Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.

Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.

emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.