CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46540
https://notcve.org/view.php?id=CVE-2024-46540
30 Sep 2024 — A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges. • https://gist.github.com/microvorld/1c1ef9c3390a5d88a5ede9f9424a8bd2 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5043 – Emlog Pro setting.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-5043
17 May 2024 — A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20Admin%20side%20can%20upload%20arbitrary%20files%20and%20getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3763 – Emlog Pro Post Tag tag.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-3763
14 Apr 2024 — A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of the component Post Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. • https://github.com/fubxx/CVE/blob/main/Emlog-XSS2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3762 – Emlog Pro Whisper Page twitter.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-3762
14 Apr 2024 — A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. • https://github.com/fubxx/CVE/blob/main/Emlog-XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25381
https://notcve.org/view.php?id=CVE-2024-25381
21 Feb 2024 — There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. Existe una vulnerabilidad XSS almacenada en la publicación de artículos de Emlog Pro 2.2.8, debido a que no se filtra el contenido citado. • https://github.com/Ox130e07d/CVE-2024-25381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40610
https://notcve.org/view.php?id=CVE-2021-40610
09 Jun 2022 — Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. Emlog Pro versión v1.0.4, una vulnerabilidad de tipo cross-site scripting (XSS) en la administración de fondo de Emlog Pro • https://github.com/blackQvQ/emlog/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •