CVE-2023-44974: Malicious File Upload
First published: Tue Oct 03 2023(Updated: )
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emlog Emlog | =2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-44974?
The severity of CVE-2023-44974 is critical with a severity value of 9.8.
How does the arbitrary file upload vulnerability in Emlog Pro v2.2.0 work?
The vulnerability allows attackers to execute arbitrary code by uploading a crafted PHP file through the /admin/plugin.php component.
Which version of Emlog Pro is affected by CVE-2023-44974?
CVE-2023-44974 affects Emlog Pro v2.2.0.
How can I fix the arbitrary file upload vulnerability in Emlog Pro v2.2.0?
To fix the vulnerability, you should update Emlog Pro to a version that has addressed the issue.
Is there any additional reference for CVE-2023-44974?
Yes, you can find more information about the vulnerability at the following link: [https://github.com/yangliukk/emlog/blob/main/Plugin-getshell.md](https://github.com/yangliukk/emlog/blob/main/Plugin-getshell.md).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/emlog
- canonical/emlog emlog
- version/emlog emlog/2.2.0