Vulnerabilities > Emlog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-13 | CVE-2023-41621 | Cross-site Scripting vulnerability in Emlog 2.1.14 A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. | 6.1 |
| 2023-12-12 | CVE-2023-41623 | SQL Injection vulnerability in Emlog 2.1.14 Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | 7.2 |
| 2023-10-03 | CVE-2023-44973 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
| 2023-10-03 | CVE-2023-44974 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
| 2023-10-02 | CVE-2023-43267 | Cross-site Scripting vulnerability in Emlog 2.1.14 A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | 5.4 |
| 2023-09-27 | CVE-2023-43291 | Deserialization of Untrusted Data vulnerability in Emlog Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | 9.8 |
| 2023-08-03 | CVE-2023-39121 | SQL Injection vulnerability in Emlog 2.1.9 emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. | 7.2 |
| 2023-07-26 | CVE-2023-37049 | Missing Authorization vulnerability in Emlog 2.1.9 emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | 6.5 |
| 2023-06-05 | CVE-2020-19028 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0 *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | 7.5 |
| 2023-04-27 | CVE-2023-30338 | Cross-site Scripting vulnerability in Emlog 2.0.3 Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | 5.4 |