Key vulnerability information

Title: emlog.net Emlog 2.5.18 Unrestricted Upload

Description:
- Projectworlds emlog Project V2.5.18 /admin/blogger.php?action=update_avatar unrestricted file upload
- NAME OF AFFECTED PRODUCT(S): emlog
- Vendor Homepage: emlog.net
- Vulnerable File: /admin/blogger.php?action=update_avatar
- VERSION(S): V2.5.18
- Software Link: https://www.emlog.net/
- Vulnerability Type: Unrestricted file upload
- Root Cause:
  - Attackers can upload arbitrary files (including malicious scripts) through the parameter without proper verification of file type, size, content, or storage path.
- Impact:
  - Attackers can exploit this vulnerability to upload malicious scripts (such as PHP, JSP, ASP files), gain server control, access or tamper with sensitive data, spread malware, and even cause service paralysis.
- Description:
  - During the security review of "emlog", a critical unrestricted file upload vulnerability was discovered in the "/admin/blogger.php?action=update_avatar" file. This vulnerability arises from inadequate validation and restrictions on the parameter when uploading files.
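
The four checks the root cause lists as missing (file type, size, content, storage path), shown as an added PHP example that is not emlog's own code. The function `store_avatar`, the size limit and the allow-list are hypothetical, and the fileinfo and GD extensions are assumed to be available.

```php
<?php
// Added example: hypothetical hardened avatar handler, not emlog's code.
const AVATAR_MAX_BYTES = 2 * 1024 * 1024;   // assumed limit
const AVATAR_TYPES = [                       // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Validates one $_FILES entry and stores it in $destDir.
// Returns the stored file name; throws RuntimeException on rejection.
function store_avatar(array $file, string $destDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    // Size: measure the file on disk, not the client-reported value.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > AVATAR_MAX_BYTES) {
        throw new RuntimeException('size not allowed');
    }
    // Type: sniff the bytes; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset(AVATAR_TYPES[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // Content: decode and re-encode with GD, which drops metadata and trailing bytes.
    $img = @imagecreatefromstring((string) file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }
    // Storage path: server-generated name, extension taken from the allow-list only.
    $name = bin2hex(random_bytes(16)) . '.' . AVATAR_TYPES[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;
    switch ($mime) {
        case 'image/jpeg': $ok = imagejpeg($img, $dest, 90); break;
        case 'image/png':  imagesavealpha($img, true); $ok = imagepng($img, $dest); break;
        default:           $ok = imagegif($img, $dest);
    }
    if (!$ok) {
        throw new RuntimeException('could not write avatar');
    }
    return $name;
}
```

Serve the destination directory with script execution disabled, so a stored file is never interpreted even if one of the checks is bypassed.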