Unrated severity · NVD Advisory · Published May 15, 2025 · Updated May 19, 2025
EMLOG SQL Injection Vulnerability
CVE-2025-47785
Description
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Because admin/article_save.php can be accessed by ordinary registered users, the injection is reachable on sites that have user registration enabled. It results in the injection of the admin account and password, which is then exploited for remote code execution in the backend. As of the time of publication, it is unknown whether a fix exists.
References
- github.com/emlog/emlog/security/advisories/GHSA-939m-47f7-m559 (mitre, x_refsource_CONFIRM)