emlog — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting emlog. AI-powered Chinese analysis, POCs, and references for each vulnerability.

emlog is an open-source PHP-based content management system designed for personal blogging and lightweight website deployment. Its architecture relies on a modular plugin structure and a MySQL backend, appealing to users seeking simplicity over complex enterprise frameworks. Security audits have identified twenty-seven Common Vulnerabilities and Exposures (CVEs) associated with the platform, predominantly stemming from insufficient input validation and inadequate access controls. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE) via crafted plugin files, Cross-Site Scripting (XSS) through unsanitized user inputs, and SQL Injection in legacy database queries. Privilege escalation flaws have also been documented, allowing authenticated users to bypass administrative restrictions. These issues often arise from outdated codebases and delayed patching cycles, highlighting the risks inherent in maintaining smaller, community-driven projects without rigorous, continuous security oversight.

Found 29 results / 30
Top products by emlog: emlog Pro
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42287 | Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions — emlog | CWE-89 | 8.8 (AI) | High (AI) | 2026-05-08 |
| CVE-2026-42286 | Emlog: Cross-Site Request Forgery in Admin Functions — emlog | CWE-352 | 6.5 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2026-41517 | Emlog: Remote Code Execution via Malicious Plugin Upload — emlog | CWE-434 | 9.8 (AI) | Critical (AI) | 2026-05-08 |
| CVE-2026-34788 | Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters — emlog | CWE-89 | 6.5 | Medium | 2026-04-03 |
| CVE-2026-34787 | Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter — emlog | CWE-98 | 6.5 | Medium | 2026-04-03 |
| CVE-2026-34607 | Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE — emlog | CWE-22 | 7.2 | High | 2026-04-03 |
| CVE-2026-34229 | Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass — emlog | CWE-79 | 6.1 | Medium | 2026-04-03 |
| CVE-2026-34228 | Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write — emlog | CWE-352 | 8.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-31954 | Emlog asynchronous media file deletion missing CSRF protection — emlog | CWE-352 | - | - | 2026-03-11 |
| CVE-2026-22799 | emlog Arbitrary File Upload Vulnerability — emlog | CWE-434 | 7.2 (AI) | High (AI) | 2026-01-12 |
| CVE-2026-21433 | Emlog vulnerable to Server-Side Request Forgery (SSRF) — emlog | CWE-918 | 7.7 | High | 2026-01-02 |
| CVE-2026-21432 | Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO — emlog | CWE-79 | 7.6 | - | 2026-01-02 |
| CVE-2026-21431 | Emlog vulnerable to stored Cross-site Scripting via image name — emlog | CWE-79 | 5.4 | - | 2026-01-02 |
| CVE-2026-21430 | Emlog: CSRF chained with stored XSS leads to ATO — emlog | CWE-352 | 8.3 | - | 2026-01-02 |
| CVE-2026-21429 | Emlog has Broken Access Control (BAC) — emlog | CWE-862 | 3.8 | - | 2026-01-02 |
| CVE-2025-62717 | Emlog Pro session verification code error due to clearing logic error — emlog | CWE-287 | 8.1 | - | 2025-10-24 |
| CVE-2025-61930 | Emlog Pro has CSRF issue that Enables Admin Password Reset — emlog | CWE-352 | 8.1 | High | 2025-10-10 |
| CVE-2025-61769 | Emlog vulnerable to stored XSS in file upload functionality in emlog — emlog | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-06 |
| CVE-2025-61599 | Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input — emlog | CWE-79 | 5.4 | - | 2025-10-03 |
| CVE-2025-61597 | Emlog Pro is vulnerable to stored XSS attack through HTML template injection — emlog | CWE-79 | 7.6 | High | 2025-10-03 |
| CVE-2025-53926 | Emlog has Stored Cross-site Scripting vulnerability due to error — emlog | CWE-79 | 6.1 | Medium | 2025-07-16 |
| CVE-2025-53925 | Emlog has Stored Cross-site Scripting vulnerability in file upload functionality — emlog | CWE-79 | 5.4 | Medium | 2025-07-16 |
| CVE-2025-53924 | Emlog vulnerable to stored Cross-site Scripting in links functionality — emlog | CWE-79 | 6.9 | Medium | 2025-07-16 |
| CVE-2025-53923 | Emlog vulnerable to reflected Cross-site Scripting in admin panel — emlog | CWE-79 | 8.2 | High | 2025-07-16 |
| CVE-2025-47786 | Emlog vulnerable to Stored Cross-site Scripting — emlog | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2025-47785 | EMLOG SQL Injection Vulnerability — emlog | CWE-89 | 8.3 | High | 2025-05-15 |
| CVE-2025-47787 | Emlog Pro Contains a File Upload Vulnerability — emlog | CWE-434 | 7.2 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-47784 | Emlog vulnerable to Deserialization of Untrusted Data — emlog | CWE-502 | 7.3 (AI) | High (AI) | 2025-05-15 |
| CVE-2025-30372 | Emlog Pro contains an SQL injection vulnerability. — emlog | CWE-89 | 7.5 | - | 2025-03-28 |

This page lists every published CVE security advisory associated with emlog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.