Emlog

by Emlog

CVEs (86)

  • CVE-2025-47784 (May 15, 2025)
    risk 0.00 | cvss | epss 0.00

    Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with empty, causing deserialization to fail and return…

  • CVE-2025-30372 (Mar 28, 2025)
    risk 0.00 | cvss | epss 0.01

    Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This…

  • CVE-2025-29405 (Mar 19, 2025)
    risk 0.00 | cvss | epss 0.00

    An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2025-29401 (Mar 19, 2025)
    risk 0.00 | cvss | epss 0.01

    An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2025-25783 (Feb 26, 2025)
    risk 0.00 | cvss | epss 0.01

    An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.

  • CVE-2025-25825 (Feb 26, 2025)
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title in the article category section.

  • CVE-2025-25823 (Feb 26, 2025)
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.

  • CVE-2025-25818 (Feb 26, 2025)
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.

  • CVE-2024-13135 (Jan 5, 2025)
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be launched…

  • CVE-2024-13132 (Jan 5, 2025)
    risk 0.00 | cvss | epss 0.00

    A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file /admin/article.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The…

  • CVE-2024-12846 (Dec 21, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be…

  • CVE-2024-12845 (Dec 20, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched…

  • CVE-2024-12844 (Dec 20, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2024-12842 (Dec 20, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit…

  • CVE-2024-12841 (Dec 20, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit…

  • CVE-2024-50655 (Nov 15, 2024)
    risk 0.00 | cvss | epss 0.00

    emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.

  • CVE-2024-46540 (Sep 30, 2024)
    risk 0.00 | cvss | epss 0.01

    A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges.

  • CVE-2024-31612 (Jun 10, 2024)
    risk 0.00 | cvss | epss 0.00

    Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php, which can be used with an XSS vulnerability to access administrator information.

  • CVE-2024-5044 (May 17, 2024)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component Cookie Handler. The manipulation of the argument AuthCookie leads to improper authentication. It is possible to initiate the attack remotely. The…

  • CVE-2024-5043 (May 17, 2024)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the…