CVE-2025-47787

High CVSS: 8.9

Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.

Vendor

Emlog

Product

Emlog

CWE

CWE-434

Yayın Tarihi

2025-05-15 20:16:09

Güncelleme

2025-07-01 14:42:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-434 Emlog HIGH Emlog 2025

Referanslar

https://github.com/emlog/emlog/commit/691c13e90df2fb35e120f4e0735078bad018eed7 https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753 https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753

Benzer Kayıtlar

Unknown

CVE-2026-31954

Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lac…

Critical

CVE-2026-22799

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-a…

Medium

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can…

High

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-o…

High

CVE-2026-21430

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cros…

Low

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `…