Emlog

emlog

92 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (92)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-21014 1Emlog 1Emlog Nov 21, 2024 Oct 1, 2021 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
CVE-2020-21013 1Emlog 1Emlog Nov 21, 2024 Oct 1, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 emlog v6.0.0 contains a SQL injection via /admin/comment.php.
CVE-2020-21321 1Emlog 1Emlog Nov 21, 2024 Sep 15, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
CVE-2021-30081 1Emlog 1Emlog Nov 21, 2024 May 24, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
CVE-2020-18194 1Emlog 1Emlog Nov 21, 2024 May 17, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
CVE-2021-31737 1Emlog 1Emlog Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
CVE-2021-30227 1Emlog 1Emlog Nov 21, 2024 Apr 29, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
CVE-2020-21585 1Emlog 1Emlog Nov 21, 2024 Apr 2, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
CVE-2021-3293 1Emlog 1Emlog Nov 21, 2024 Feb 8, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
CVE-2019-17073 1Emlog 1Emlog Nov 21, 2024 Oct 1, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.
CVE-2019-16868 1Emlog 1Emlog Nov 21, 2024 Sep 25, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter.
CVE-2018-18316 1Emlog 1Emlog Nov 21, 2024 Oct 15, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.

Previous 1 2 3 45