First published: Tue Oct 03 2023(Updated: )
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Emlog Emlog | =2.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-44974 is critical with a severity value of 9.8.
The vulnerability allows attackers to execute arbitrary code by uploading a crafted PHP file through the /admin/plugin.php component.
CVE-2023-44974 affects Emlog Pro v2.2.0.
To fix the vulnerability, you should update Emlog Pro to a version that has addressed the issue.
Yes, you can find more information about the vulnerability at the following link: [https://github.com/yangliukk/emlog/blob/main/Plugin-getshell.md](https://github.com/yangliukk/emlog/blob/main/Plugin-getshell.md).