Medium severity6.5NVD Advisory· Published Apr 3, 2026· Updated Apr 13, 2026

CVE-2026-34788

Description

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escaping ($this->db->escape_string()), making it vulnerable to SQL injection attacks. At time of publication, there are no publicly available patches.

Affected products

Emlog/Emlog
cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*
Range: <=2.6.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/emlog/emlog/security/advisories/GHSA-32mg-33qq-p3gfnvdExploitVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000