Vulnerabilities > Emlog > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-44973 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
| 2023-10-03 | CVE-2023-44974 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 2.2.0 An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 |
| 2023-09-27 | CVE-2023-43291 | Deserialization of Untrusted Data vulnerability in Emlog Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | 9.8 |
| 2022-02-04 | CVE-2022-23379 | SQL Injection vulnerability in Emlog 6.0.0 Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | 9.8 |
| 2021-12-14 | CVE-2021-40883 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 5.3.1 A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. | 9.8 |
| 2021-05-06 | CVE-2021-31737 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 5.3.1/6.0.0 emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. | 9.8 |
| 2021-04-02 | CVE-2020-21585 | Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0 Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | 9.8 |
| 2019-09-25 | CVE-2019-16868 | Path Traversal vulnerability in Emlog emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | 9.8 |