VYPR

Emlog

by Emlog

Source repositories

CVEs (86)

  • CVE-2021-30081May 24, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.

  • CVE-2020-18194May 17, 2021
    risk 0.00cvss epss 0.02

    Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.

  • CVE-2021-30227Apr 29, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.

  • CVE-2019-17073Oct 1, 2019
    risk 0.00cvss epss 0.02

    emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.

  • CVE-2019-16868Sep 25, 2019
    risk 0.00cvss epss 0.03

    emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.

  • CVE-2018-18316Oct 15, 2018
    risk 0.00cvss epss 0.01

    emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.

Page 5 of 5