Vulnerability Information
Vulnerability Title
Emlog vulnerable to Server-Side Request Forgery (SSRF)
Vulnerability Description
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
emlog Code Issue Vulnerability
Vulnerability Description
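emlog is a CMS website building system based on PHP and MySQL, open-sourced by emlog. Emlog versions 2.5.19 and earlier contain a code issue vulnerability. The vulnerability stems from the fact that uploading an SVG file may cause server-side out-of-band requests or server-side request forgery, which can be used to probe the internal network and leak metadata or credentials.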
CVSS Information
N/A
Vulnerability Type
N/A
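The descriptions above attribute the request to external resource references inside an uploaded SVG. As an added example (not emlog code and not part of either record), here is a strict upload-time check in Python that refuses such references before any thumbnailing, preview or sanitization step sees the file. The function names and the `collector.example` host are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructs refused before parsing: DTDs/entities and stylesheet processing
# instructions can both make an XML/SVG processor load an external resource.
PROLOG_RISK = re.compile(rb"<!\s*(DOCTYPE|ENTITY)|<\?xml-stylesheet", re.I)
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.I)
CSS_IMPORT = re.compile(r"@import\s+['\"]\s*([^'\"\s]+)", re.I)
REF_ATTRS = {"href", "src"}  # covers href and xlink:href after namespace stripping


def is_fragment(ref):
    """Only same-document references such as '#gradient1' are accepted."""
    return ref.strip().startswith("#")


def find_external_refs(svg_bytes):
    """Return reasons to reject an uploaded SVG; an empty list means none found."""
    if PROLOG_RISK.search(svg_bytes):
        return ["DOCTYPE, ENTITY or xml-stylesheet declaration"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr in REF_ATTRS and not is_fragment(value):
                findings.append(f"<{tag}> {attr}={value}")
            # url(...) inside presentation attributes and inline style=""
            findings += [f"<{tag}> {attr} url({u})"
                         for u in CSS_URL.findall(value) if not is_fragment(u)]
        if tag.lower() == "style" and el.text:
            css = el.text
            findings += [f"<style> {u}" for u in
                         CSS_URL.findall(css) + CSS_IMPORT.findall(css)
                         if not is_fragment(u)]
    return findings


# Constructed samples (collector.example is a placeholder host).
SAFE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect fill="url(#g)"/></svg>'
REMOTE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
              b'xmlns:xlink="http://www.w3.org/1999/xlink">'
              b'<image xlink:href="http://collector.example/a.png"/></svg>')

if __name__ == "__main__":
    for name, data in (("safe", SAFE_SVG), ("remote", REMOTE_SVG)):
        print(name, find_external_refs(data) or "no external references")
```

The check is deliberately strict (it also rejects ordinary hyperlinks and any DOCTYPE) and is a pre-filter only; the component that renders the SVG should additionally run without outbound network access.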