Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Emlog Pro has CSRF issue that Enables Admin Password Reset
Vulnerability Description
Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Emlog Pro 跨站请求伪造漏洞
Vulnerability Description
Emlog Pro是Emlog开源的一个博客系统。 Emlog Pro 2.5.19版本和更早版本存在跨站请求伪造漏洞,该漏洞源于密码更改端点存在跨站请求伪造,可能导致特权用户账户接管。
CVSS Information
N/A
Vulnerability Type
N/A