emlog — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting emlog. AI-powered Chinese analysis, POCs, and references for each vulnerability.

emlog is an open-source PHP-based content management system designed for personal blogging and lightweight website deployment. Its architecture relies on a modular plugin structure and a MySQL backend, appealing to users seeking simplicity over complex enterprise frameworks. Security audits have identified twenty-seven Common Vulnerabilities and Exposures (CVEs) associated with the platform, predominantly stemming from insufficient input validation and inadequate access controls. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE) via crafted plugin files, Cross-Site Scripting (XSS) through unsanitized user inputs, and SQL Injection in legacy database queries. Privilege escalation flaws have also been documented, allowing authenticated users to bypass administrative restrictions. These issues often arise from outdated codebases and delayed patching cycles, highlighting the risks inherent in maintaining smaller, community-driven projects without rigorous, continuous security oversight.

Top products by emlog: emlog Pro
Critical · CVE-2026-41517 · 2026-05-09
Remote Code Execution via Malicious Plugin Upload · Advisory · emlog/emlog · GitHub
Critical · 2026-05-09
SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions · Advisory · emlog/emlog · GitHub
High · 2026-05-09
Cross-Site Request Forgery in Admin Functions · Advisory · emlog/emlog · GitHub
Critical · 2026-04-04
Path Traversal in emUnZip() allows arbitrary file write leading to RCE · Advisory · emlog/emlog · GitHub
High · 2026-04-04
Stored XSS in Comment Module via URI Scheme Validation Bypass · Advisory · emlog/emlog · GitHub
Medium · 2026-04-04
Local File Inclusion in plugin.php via unsanitized plugin parameter · Advisory · emlog/emlog · GitHub
Critical · 2026-04-04
SQL Injection in tag_model::updateTagName() via unsanitized parameters · Advisory · emlog/emlog · GitHub
Critical · CVE-2024-3628 · 2026-04-04
CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write · Advisory · emlog/
Critical · 2026-01-20
emlog v2.6.1 Arbitrary File Upload Vulnerability · Advisory · emlog/emlog · GitHub
High · 2025-11-09
emlog discover any file deletion vulnerability again! · Issue #49 · emlog/emlog
Low · CVE-2015-6769 · 2025-10-07
Stored XSS in file upload functionality in emlog · Advisory · emlog/emlog · GitHub
High · CVE-2025-61599 · 2025-10-03
Stored Cross-Site Scripting (XSS) in "Twitter" (微语) Feature via Markdown Input. · Advisory · emlog/emlog · GitHub
Medium · CVE-2025-53924 · 2025-07-17
Stored XSS in links functionality in emlog · Advisory · emlog/emlog · GitHub
Medium · CVE-2025-53926 · 2025-07-17
Reflected XSS due to error in emlog CMS · Advisory · emlog/emlog · GitHub
Medium · CVE-2025-53925 · 2025-07-17
Stored XSS in file upload functionality in emlog CMS · Advisory · emlog/emlog · GitHub
Critical · 2025-05-25
Emlog Pro contains an SQL injection vulnerability. · Issue #5 · 404heihei/CVE
High · CVE-2025-47785 · 2025-05-17
EMLOG SQL Injection Vulnerability · Advisory · emlog/emlog · GitHub
High · CVE-2025-30372 · 2025-03-29
Emlog Pro contains an SQL injection vulnerability. · Advisory · emlog/emlog · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with emlog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.