Vulnerabilities > Emlog

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-1526 Cross-site Scripting vulnerability in Emlog
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2.
network
emlog CWE-79
3.5
2022-02-04 CVE-2022-23379 SQL Injection vulnerability in Emlog 6.0.0
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().
network
low complexity
emlog CWE-89
7.5
2022-01-31 CVE-2022-23872 Cross-site Scripting vulnerability in Emlog PRO 1.1.1
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
network
emlog CWE-79
3.5
2022-01-06 CVE-2021-44584 Cross-site Scripting vulnerability in Emlog
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
network
emlog CWE-79
4.3
2021-12-14 CVE-2021-40883 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 5.3.1
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
network
low complexity
emlog CWE-434
7.5
2021-10-06 CVE-2020-21654 Unspecified vulnerability in Emlog 6.0.0
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file.
network
low complexity
emlog
6.5
2021-10-01 CVE-2020-21013 SQL Injection vulnerability in Emlog 6.0.0
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
network
low complexity
emlog CWE-89
6.5
2021-10-01 CVE-2020-21014 Incorrect Permission Assignment for Critical Resource vulnerability in Emlog 6.0.0
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
network
low complexity
emlog CWE-732
5.5
2021-09-15 CVE-2020-21321 Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
network
emlog CWE-352
4.3
2021-05-24 CVE-2021-30081 SQL Injection vulnerability in Emlog 6.0.0
An issue was discovered in emlog 6.0.0stable.
network
low complexity
emlog CWE-89
6.5