Vulnerabilities > Emlog > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-41623 SQL Injection vulnerability in Emlog 2.1.14
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
network
low complexity
emlog CWE-89
7.2
7.2
2023-08-03 CVE-2023-39121 SQL Injection vulnerability in Emlog 2.1.9
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
network
low complexity
emlog CWE-89
7.2
7.2
2023-06-05 CVE-2020-19028 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0
*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.
network
low complexity
emlog CWE-434
7.5
7.5
2022-10-21 CVE-2022-42189 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 1.6.0
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
network
low complexity
emlog CWE-434
7.2
7.2
2022-02-04 CVE-2022-23379 SQL Injection vulnerability in Emlog 6.0.0
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().
network
low complexity
emlog CWE-89
7.5
7.5
2021-12-14 CVE-2021-40883 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 5.3.1
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
network
low complexity
emlog CWE-434
7.5
7.5
2021-05-06 CVE-2021-31737 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 5.3.1/6.0.0
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
network
low complexity
emlog CWE-434
7.5
7.5
2021-04-02 CVE-2020-21585 Unrestricted Upload of File with Dangerous Type vulnerability in Emlog 6.0.0
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
network
low complexity
emlog CWE-434
7.5
7.5
2019-09-25 CVE-2019-16868 Path Traversal vulnerability in Emlog 3.5.1/5.3.1/6.0.0
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
network
low complexity
emlog CWE-22
7.5
7.5