Product
emlog
92 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34788
CVE-2026-34787
CVE-2026-34607
CVE-2026-34229
CVE-2026-34228
CVE-2026-31954
CVE-2026-22799
CVE-2026-21433
CVE-2026-21432
CVE-2026-21431
CVE-2026-21430
CVE-2026-21429
CVE-2025-61318
CVE-2025-62717
CVE-2025-61930
CVE-2025-61769
CVE-2025-60448
CVE-2025-60447
CVE-2025-61599
CVE-2025-61597
CVE-2025-9296
CVE-2025-44139
CVE-2025-53926
CVE-2025-53925
CVE-2025-53924
CVE-2025-53923
CVE-2025-5886
CVE-2025-5119
CVE-2025-47787
CVE-2025-47786
CVE-2025-47785
CVE-2025-47784
CVE-2025-30372
CVE-2025-29405
CVE-2025-29401
CVE-2025-25827
CVE-2025-25825
CVE-2025-25823
CVE-2025-25818
CVE-2025-25783
CVE-2024-13140
CVE-2024-13135
CVE-2024-13132
CVE-2024-12846
CVE-2024-12845
CVE-2024-12844
CVE-2024-12843
CVE-2024-12842
CVE-2024-12841
CVE-2024-50655
CVE-2024-46540
CVE-2024-31612
CVE-2024-5044
CVE-2024-5043
CVE-2024-33752
CVE-2024-3763
CVE-2024-3762
CVE-2024-31013
CVE-2024-25381
CVE-2023-41619
CVE-2023-41618
CVE-2023-41621
CVE-2023-41623
CVE-2023-44974
CVE-2023-44973
CVE-2023-43267
CVE-2023-43291
CVE-2023-39121
CVE-2023-37049
CVE-2020-19028
CVE-2023-30338
CVE-2022-3968
CVE-2022-43372
CVE-2022-42189
CVE-2022-1526
CVE-2022-23379
CVE-2022-23872
CVE-2021-44584
CVE-2021-40883
CVE-2020-21654
CVE-2020-21014
CVE-2020-21013
CVE-2020-21321
CVE-2021-30081
CVE-2020-18194
CVE-2021-31737
CVE-2021-30227
CVE-2020-21585
CVE-2021-3293
CVE-2019-17073
CVE-2019-16868
CVE-2018-18316
<= 2.6.2
Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/mode
<= 2.6.2
Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in
<= 2.6.2
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip
< 2.6.8
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerabilit
< 2.6.8
Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP
<= 2.6.6
Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call
< 2.6.1
Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload)
<= 2.5.19
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OO
all versions
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to a
all versions
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource m
all versions
Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site req
all versions
Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or
all versions
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and
all versions
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error d
<= 2.5.19
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forg
< 2.5.22
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2
all versions
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insuffi
all versions
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email t
<= 2.5.21
Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter"feature
<= 2.5.19
Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑si
<= 2.5.18
A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.
all versions
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
<= 2.5.17
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.1
<= 2.5.17
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.1
<= 2.5.17
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.1
<= 2.5.17
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.1
<= 2.5.7
A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the fi
all versions
A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file
< 2.5.10
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store
all versions
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any re
<= 2.5.9
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origCont
< 2.5.14
Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who create
< 2.5.9
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability
>= 2.5.1 and <= 2.5.7
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to e
all versions
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrar
all versions
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal por
all versions
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injec
all versions
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injec
all versions
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injec
all versions
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary
>= 2.4.0 and <= 2.4.3
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /ad
all versions
A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown func
>= 2.4.0 and <= 2.4.3
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file
< 2.4.1
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unkn
<= 2.4.1
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functio
<= 2.4.1
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /ad
<= 2.4.1
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing o
< 2.4.1
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code o
<= 2.4.1
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the fil
<= 2.3.18
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in publi
< 2.3.15
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use
all versions
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to acce
all versions
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects an unknown part of the component
all versions
A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of t
all versions
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited b
all versions
A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the
all versions
A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the
all versions
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted
all versions
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
all versions
Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action
all versions
Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article
all versions
A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.
all versions
Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
all versions
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrar
all versions
An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitr
all versions
A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitr
<= 2.1.15
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cac
all versions
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
all versions
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.
all versions
*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via th
all versions
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts o
< 2022-11-08
A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality
all versions
Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php.
all versions
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
<= 1.2.2
A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling
all versions
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().
all versions
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php
<= 1.0.7
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary we
all versions
A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.
all versions
emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file
all versions
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
all versions
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
all versions
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily
all versions
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query
all versions
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link
all versions
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
all versions
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
all versions
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
all versions
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
<= 5.3.1
emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ dire
<= 5.3.1
emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with direct
all versions
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.