Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Emlog
(Emlog)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-03 | CVE-2023-39121 | emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | Emlog | 7.2 | ||
| 2023-07-26 | CVE-2023-37049 | emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | Emlog | 6.5 | ||
| 2023-06-05 | CVE-2020-19028 | *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | Emlog | 7.5 | ||
| 2023-04-27 | CVE-2023-30338 | Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | Emlog | 5.4 | ||
| 2021-02-08 | CVE-2021-3293 | emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. | Emlog | 5.3 | ||
| 2022-11-03 | CVE-2022-43372 | Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | Emlog | 4.8 | ||
| 2022-10-21 | CVE-2022-42189 | Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | Emlog | 7.2 | ||
| 2022-01-31 | CVE-2022-23872 | Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | Emlog | 4.8 | ||
| 2021-10-01 | CVE-2020-21014 | emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | Emlog | 6.5 | ||
| 2022-02-04 | CVE-2022-23379 | Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | Emlog | 9.8 |