Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Emlog — Vulnerabilities & Security Advisories 31

All 31 CVE vulnerabilities found in Emlog, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security weaknesses for the emlog content management system. It focuses on Common Weakness Enumerations (CWE) and Common Vulnerabilities and Exposures (CVE) associated with this specific software vendor. The content collected covers a wide spectrum of vulnerability types, including but not limited to Cross-Site Scripting (XSS), SQL Injection, Remote Code Execution, and improper access control issues. The timeline for these records extends from the initial public disclosures up to the present date, ensuring that both historical findings and recent patches are accessible. By maintaining an up-to-date repository, this resource helps security professionals and developers stay informed about the evolving threat landscape surrounding emlog instances. Visitors to this page can efficiently track the vendor’s security advisories to understand the remediation timeline for critical flaws. Users can also deepen their understanding of specific weakness classes by analyzing patterns across multiple incidents within the emlog ecosystem. Furthermore, the aggregated data allows for a comprehensive lookup of the product’s vulnerability history, facilitating risk assessments and informed decisions regarding system upgrades or mitigation strategies. This centralized view eliminates the need to search multiple disparate sources, providing a clearer picture of the security posture of emlog deployments. The information is presented to assist in technical analysis rather than to promote any commercial services or features.

Vendor: unspecified

CVE IDTitleCVSSSeverityPublished
CVE-2026-42287 Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions CWE-89 8.8AIHighAI2026-05-08
CVE-2026-42286 Emlog: Cross-Site Request Forgery in Admin Functions CWE-352 6.5AIMediumAI2026-05-08
CVE-2026-41517 Emlog: Remote Code Execution via Malicious Plugin Upload CWE-434 9.8AICriticalAI2026-05-08
CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters CWE-89 6.5 Medium2026-04-03
CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter CWE-98 6.5 Medium2026-04-03
CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE CWE-22 7.2 High2026-04-03
CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass CWE-79 6.1 Medium2026-04-03
CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write CWE-352 8.8AIHighAI2026-04-03
CVE-2026-31954 Emlog asynchronous media file deletion missing CSRF protection CWE-352--2026-03-11
CVE-2026-22799 emlog Arbitrary File Upload Vulnerability CWE-434 7.2AIHighAI2026-01-12
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF) CWE-918 7.7 High2026-01-02
CVE-2026-21432 Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO CWE-79 7.6 -2026-01-02
CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name CWE-79 5.4 -2026-01-02
CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO CWE-352 8.3 -2026-01-02
CVE-2026-21429 Emlog has Broken Access Control (BAC) CWE-862 3.8 -2026-01-02
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error CWE-287 8.1 -2025-10-24
CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset CWE-352 8.1 High2025-10-10
CVE-2025-61769 Emlog vulnerable to stored XSS in file upload functionality in emlog CWE-79 5.4AIMediumAI2025-10-06
CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input CWE-79 5.4 -2025-10-03
CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection CWE-79 7.6 High2025-10-03
CVE-2025-53926 Emlog has Stored Cross-site Scripting vulnerability due to error CWE-79 6.1 Medium2025-07-16
CVE-2025-53925 Emlog has Stored Cross-site Scripting vulnerability in file upload functionality CWE-79 5.4 Medium2025-07-16
CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality CWE-79 6.9 Medium2025-07-16
CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel CWE-79 8.2 High2025-07-16
CVE-2025-5886 Emlog article.php cross site scripting CWE-79 3.5 Low2025-06-09
CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting CWE-79 5.4AIMediumAI2025-05-15
CVE-2025-47785 EMLOG SQL Injection Vulnerability CWE-89 8.3 High2025-05-15
CVE-2025-47787 Emlog Pro Contains a File Upload Vulnerability CWE-434 7.2AIHighAI2025-05-15
CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data CWE-502 7.3AIHighAI2025-05-15
CVE-2025-30372 Emlog Pro contains an SQL injection vulnerability. CWE-89 7.5 -2025-03-28

All 31 known CVE vulnerabilities affecting Emlog with full Chinese analysis, references, and POCs where available.