High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-12	CVE-2023-41623	SQL Injection vulnerability in Emlog 2.1.14 Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. network low complexity emlog CWE-89	7.2
2023-08-03	CVE-2023-39121	SQL Injection vulnerability in Emlog 2.1.9 emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. network low complexity emlog CWE-89	7.2
2023-06-05	CVE-2020-19028	Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0 *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. network low complexity emlog CWE-434	7.5
2022-10-21	CVE-2022-42189	Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 1.6.0 Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. network low complexity emlog CWE-434	7.2
2021-10-06	CVE-2020-21654	Unspecified vulnerability in Emlog 6.0.0 emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. network low complexity emlog	7.2
2021-10-01	CVE-2020-21013	SQL Injection vulnerability in Emlog 6.0.0 emlog v6.0.0 contains a SQL injection via /admin/comment.php. network low complexity emlog CWE-89	7.2
2021-05-24	CVE-2021-30081	SQL Injection vulnerability in Emlog 6.0.0 An issue was discovered in emlog 6.0.0stable. network low complexity emlog CWE-89	8.8
2018-10-15	CVE-2018-18316	Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0 emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. network low complexity emlog CWE-352	8.8