Emlog
by Emlog
Source repositories
CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30081 | 0.00 | — | 0.01 | May 24, 2021 | An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page. | |||
| CVE-2020-18194 | 0.00 | — | 0.02 | May 17, 2021 | Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. | |||
| CVE-2021-30227 | 0.00 | — | 0.01 | Apr 29, 2021 | Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0. | |||
| CVE-2019-17073 | 0.00 | — | 0.02 | Oct 1, 2019 | emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal. | |||
| CVE-2019-16868 | 0.00 | — | 0.03 | Sep 25, 2019 | emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | |||
| CVE-2018-18316 | 0.00 | — | 0.01 | Oct 15, 2018 | emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. |
- CVE-2021-30081May 24, 2021risk 0.00cvss —epss 0.01
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
- CVE-2020-18194May 17, 2021risk 0.00cvss —epss 0.02
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
- CVE-2021-30227Apr 29, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
- CVE-2019-17073Oct 1, 2019risk 0.00cvss —epss 0.02
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
- CVE-2019-16868Sep 25, 2019risk 0.00cvss —epss 0.03
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
- CVE-2018-18316Oct 15, 2018risk 0.00cvss —epss 0.01
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
Page 5 of 5