Primary

Context

Emlog Pro Server-Side Request Forgery Vulnerability

Vulnerability

Patched

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Emlog Pro version 2.5.4, specifically within the sort.php component. This vulnerability allows attackers to scan local and internal ports by supplying a crafted URL.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery (SSRF), which could be used to interact with internal services or resources that are not exposed to the public.

Reproduction

To reproduce this vulnerability, send a request to the sort.php component with a crafted URL that targets internal or local ports. This can be done by manipulating the URL parameter to scan for open ports on the localhost or other internal services.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.0

exploitability

8.6

remediation

7.7

relevance

0.0

threat

1.6

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.0

exploitability

8.6

remediation

7.7

relevance

0.0

threat

1.6

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Emlog Pro Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Emlog Pro

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating