Browse all 30 CVE security advisories affecting emlog. AI-powered Chinese analysis, POCs, and references for each vulnerability.
emlog is an open-source PHP-based content management system designed for personal blogging and lightweight website deployment. Its architecture relies on a modular plugin structure and a MySQL backend, appealing to users seeking simplicity over complex enterprise frameworks. Security audits have identified twenty-seven Common Vulnerabilities and Exposures (CVEs) associated with the platform, predominantly stemming from insufficient input validation and inadequate access controls. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE) via crafted plugin files, Cross-Site Scripting (XSS) through unsanitized user inputs, and SQL Injection in legacy database queries. Privilege escalation flaws have also been documented, allowing authenticated users to bypass administrative restrictions. These issues often arise from outdated codebases and delayed patching cycles, highlighting the risks inherent in maintaining smaller, community-driven projects without rigorous, continuous security oversight.
CVE-2026-415172026-05-09CVE-2024-36282026-04-04Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with emlog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.