Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

emlog — Vulnerabilities & Security Advisories 28

All 28 CVE vulnerabilities found in emlog, with AI-generated Chinese analysis, references, and POCs.

Vendor: unspecified

CVE IDTitleCVSSSeverityPublished
CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters CWE-89 6.5 Medium2026-04-03
CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter CWE-98 6.5 Medium2026-04-03
CVE-2026-34607 Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE CWE-22 7.2 High2026-04-03
CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass CWE-79 6.1 Medium2026-04-03
CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write CWE-352 8.8AIHighAI2026-04-03
CVE-2026-31954 Emlog asynchronous media file deletion missing CSRF protection CWE-352--2026-03-11
CVE-2026-22799 emlog Arbitrary File Upload Vulnerability CWE-434 7.2AIHighAI2026-01-12
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF) CWE-918 7.7 High2026-01-02
CVE-2026-21432 Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO CWE-79 7.6 -2026-01-02
CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name CWE-79 5.4 -2026-01-02
CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO CWE-352 8.3 -2026-01-02
CVE-2026-21429 Emlog has Broken Access Control (BAC) CWE-862 3.8 -2026-01-02
CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error CWE-287 8.1 -2025-10-24
CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset CWE-352 8.1 High2025-10-10
CVE-2025-61769 Emlog vulnerable to stored XSS in file upload functionality in emlog CWE-79 5.4AIMediumAI2025-10-06
CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input CWE-79 5.4 -2025-10-03
CVE-2025-61597 Emlog Pro is vulnerable to stored XSS attack through HTML template injection CWE-79 7.6 High2025-10-03
CVE-2025-53926 Emlog has Stored Cross-site Scripting vulnerability due to error CWE-79 6.1 Medium2025-07-16
CVE-2025-53925 Emlog has Stored Cross-site Scripting vulnerability in file upload functionality CWE-79 5.4 Medium2025-07-16
CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality CWE-79 6.9 Medium2025-07-16
CVE-2025-53923 Emlog vulnerable to reflected Cross-site Scripting in admin panel CWE-79 8.2 High2025-07-16
CVE-2025-5886 Emlog article.php cross site scripting CWE-79 3.5 Low2025-06-09
CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting CWE-79 5.4AIMediumAI2025-05-15
CVE-2025-47785 EMLOG SQL Injection Vulnerability CWE-89 8.3 High2025-05-15
CVE-2025-47787 Emlog Pro Contains a File Upload Vulnerability CWE-434 7.2AIHighAI2025-05-15
CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data CWE-502 7.3AIHighAI2025-05-15
CVE-2025-30372 Emlog Pro contains an SQL injection vulnerability. CWE-89 7.5 -2025-03-28
CVE-2022-3968 emlog article_save.php cross site scripting CWE-707 3.5 Low2022-11-13

All 28 known CVE vulnerabilities affecting emlog with full Chinese analysis, references, and POCs where available.