Emlog Pro Arbitrary File Upload Vulnerability in Plugin Component Allowing Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in Emlog Pro version 2.5.7, specifically within the plugin management component. This issue arises because the application does not properly validate or filter uploaded files. Attackers can exploit this vulnerability by uploading a compressed file containing a PHP script, which is then executed on the server after the file is decompressed.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Emlog Pro is installed.

Reproduction

The vulnerability can be reproduced by uploading a zip file containing a PHP script through the plugin management interface. After the file is uploaded, it can be accessed via the web server, and the PHP script will be executed, demonstrating successful exploitation.
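The upload path described above unpacks whatever the archive contains, so a useful defensive check is to read the zip's member list before it is decompressed. The following is an added example, not Emlog Pro code and not part of the original advisory: it reports members that would become server-executable or would escape the extraction directory. The function names, the extension set, the Apache-style `.htaccess` check and the sample archive are all assumptions made for illustration.

```python
import io
import posixpath
import zipfile

# Assumption: extensions the web server hands to the PHP interpreter.
SERVER_EXECUTABLE = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}


def audit_archive(data):
    """Return (member, reason) findings for a zip, read without extracting it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            base = posixpath.basename(name).lower()
            # Absolute paths or ".." segments would land outside the target dir.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append((info.filename, "path-escape"))
            # A dropped .htaccess can remap which files Apache executes.
            if base == ".htaccess":
                findings.append((info.filename, "handler-override"))
            # Check every dotted suffix: "x.php.png" runs under some handler configs.
            suffixes = {"." + s for s in base.split(".")[1:]}
            if suffixes & SERVER_EXECUTABLE:
                findings.append((info.filename, "server-executable"))
    return findings


def build_sample():
    """Constructed in-memory archive; every name and body is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_plugin/readme.txt", "constructed sample")
        zf.writestr("demo_plugin/demo_plugin.php", "<?php /* placeholder */")
        zf.writestr("demo_plugin/img/logo.php.png", "constructed, not an image")
        zf.writestr("demo_plugin/.htaccess", "# constructed")
        zf.writestr("../outside.txt", "constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_archive(build_sample()):
        print(f"{reason:18} {member}")
```

Because a plugin archive may legitimately contain PHP, the findings are a review list for deciding whether to unpack an upload, not a verdict on their own.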

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.