Emlog
cpe:2.3:a:emlog:emlog:*:*:*:*:*:*:*
- < 2.6.11
A SQL injection vulnerability has been identified in Emlog versions prior to 2.6.11. This issue arises in the article creation and update functions, where user input is directly concatenated into SQL queries without proper sanitization. As a result, attackers can execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction.
Exploitation of this vulnerability allows for arbitrary SQL execution, with potential consequences including complete database compromise, unauthorized access to admin privileges, and theft of sensitive data such as passwords.
To reproduce this vulnerability, submit an article through the admin interface's article save feature. Inject malicious SQL into the title or content fields. For example, a title like 'test'; DROP TABLE emlog_user; --' would execute a SQL command to delete a user table. Alternatively, injecting SQL to update user roles could escalate privileges.
Users are advised to update to Emlog version 2.6.11 or later, where this vulnerability has been patched.
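The concatenation flaw described above, next to a parameterized form, as an added example (not Emlog's code). Assumptions: the table layout and function names are hypothetical, Python's sqlite3 stands in for Emlog's database, and executescript models a driver call that accepts several statements at once. The title is the string from the reproduction text, without the prose quotation marks.

```python
import sqlite3

# Constructed schema and rows: names are assumptions, not Emlog's real schema.
SCHEMA = """
CREATE TABLE emlog_user (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
CREATE TABLE emlog_blog (id INTEGER PRIMARY KEY, title TEXT, content TEXT);
INSERT INTO emlog_user (name, role) VALUES ('admin', 'admin');
INSERT INTO emlog_blog (title, content) VALUES ('first', 'a'), ('second', 'b');
"""

# Title from the page's reproduction text.
PAGE_TITLE = "test'; DROP TABLE emlog_user; --"

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def update_title_concat(db, article_id, title):
    """Vulnerable pattern: the title becomes part of the SQL text."""
    sql = f"UPDATE emlog_blog SET title='{title}' WHERE id={int(article_id)}"
    db.executescript(sql)  # the quote in the title ends the literal early

def update_title_param(db, article_id, title):
    """Hardened pattern: the title is bound as data and never parsed as SQL."""
    db.execute("UPDATE emlog_blog SET title=? WHERE id=?", (title, article_id))
    db.commit()

def tables(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
    return [r[0] for r in rows]

def demo():
    """Run both variants on a fresh database and report what is left."""
    results = {}
    for name, fn in (("concat", update_title_concat), ("param", update_title_param)):
        db = new_db()
        fn(db, 1, PAGE_TITLE)
        titles = [r[0] for r in db.execute("SELECT title FROM emlog_blog ORDER BY id")]
        results[name] = {"tables": tables(db), "titles": titles}
    return results

if __name__ == "__main__":
    for variant, state in demo().items():
        print(variant, state)
```

In the concatenated variant the WHERE clause is commented out, so every article title is overwritten and the user table is gone; in the parameterized variant the same string is stored verbatim as the title of article 1.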