Latest emlog Vulnerabilities

Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.
Emlog Emlog=2.1.14
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.
Emlog Emlog=2.1.14
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
Emlog Emlog=2.1.14
An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Emlog Emlog=2.2.0
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Emlog Emlog=2.2.0
A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title ...
Emlog Emlog=2.1.14
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.
Emlog Emlog<=2.1.15
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
Emlog Emlog=2.1.9
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.
Emlog Emlog=2.1.9
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Articl...
Emlog Emlog=2.0.3
A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument t...
Emlog Emlog<2022-11-08
Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php.
Emlog Emlog=1.7.1
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
Emlog Emlog=1.6.0
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().
Emlog Emlog=6.0.0
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
Emlog Emlog=1.1.1
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Emlog Emlog<=1.0.7
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
Emlog Emlog=5.3.1
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.
Emlog Emlog=6.0.0
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
Emlog Emlog=6.0.0
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
Emlog Emlog=6.0.0
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
Emlog Emlog=6.0.0
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
Emlog Emlog=6.0.0
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
Emlog Emlog=5.3.1
Emlog Emlog=6.0.0
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
Emlog Emlog=6.0.0
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
Emlog Emlog=6.0.0
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
Emlog Emlog=5.3.1
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
Emlog Emlog<=5.3.1
Emlog Emlog=6.0.0-beta
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
Emlog Emlog<=5.3.1
Emlog Emlog=6.0.0-beta
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
Emlog Emlog=6.0.0
