Emlog Pro
cpe:2.3:a:emlog_pro_project:emlog_pro:*:*:*:*:*:*:*
- 2.5.0
- 2.5.1
- 2.5.2
- 2.5.3
- 2.5.4
- 2.5.5
- 2.5.6
- 2.5.7
- 2.5.8
- 2.5.9
- 2.5.10
- 2.5.11
- 2.5.12
- 2.5.13
- 2.5.14
- 2.5.15
- 2.5.16
- 2.5.17
- 2.5.18
An unrestricted file upload vulnerability has been identified in Emlog Pro versions through 2.5.18. The issue resides in '/admin/media.php?action=upload&sid=0', where inadequate validation of the 'file' parameter allows attackers to upload arbitrary files, including malicious scripts. The vulnerability can be exploited remotely, and a public proof-of-concept is available.
Exploitation of this vulnerability allows attackers to upload and execute malicious scripts on the server, potentially leading to unauthorized access, data manipulation, malware distribution, or disruption of services.
The vulnerability can be reproduced by sending a POST request to '/admin/media.php?action=upload&sid=0' with a file payload that includes a malicious script disguised as an image. The uploaded file is then executed on the server, demonstrating the unrestricted upload and execution capability.
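A server-side check of the kind the 'file' parameter lacks, as an added example (not Emlog's code and not taken from the advisory): it rejects script extensions anywhere in the name, requires the content to match an allowed image type, and flags a PHP open tag inside an otherwise valid image. The allowlist, the script-extension set and the sample inputs are assumptions constructed for illustration.

```python
import os

# Assumed policy for this example: only these image types are accepted.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed set of extensions a PHP-enabled web server may execute.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".pht"}


def inspect_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons to reject an upload; an empty list means accept."""
    findings = []
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    exts = {"." + p for p in parts[1:]}
    final_ext = "." + parts[-1] if len(parts) > 1 else ""

    # Any script extension in the name is rejected, not just the last one,
    # so "x.php.jpg" fails as well as "x.php".
    if exts & SCRIPT_EXTS:
        findings.append("script extension in name")
    if final_ext not in MAGIC:
        findings.append("extension not in allowlist")
    elif not data.startswith(MAGIC[final_ext]):
        findings.append("content does not match extension")
    # A valid image header does not make the rest of the file harmless:
    # look for a PHP open tag anywhere in the body (short tags not covered).
    if b"<?php" in data.lower():
        findings.append("PHP open tag in content")
    return findings


# Constructed sample inputs (not taken from any real upload).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = {
    "photo.png": PNG,
    "avatar.php": b"<?php echo 1; ?>",
    "banner.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
    "logo.gif": b"GIF89a" + b"<?php echo 1; ?>",
    "icon.png": b"<?php echo 1; ?>",
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        print(fname, inspect_upload(fname, body) or "accept")
```

Content inspection is one layer only; storing uploads under a server-generated name in a directory where script execution is disabled removes the execution step even if a file slips through.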