exploitDog

CVE-2025-47787

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue.

Ссылки

https://github.com/emlog/emlog/commit/691c13e90df2fb35e120f4e0735078bad018eed7
Patch
https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753
Exploit
Vendor Advisory
https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*

Версия до 2.5.10 (исключая)

EPSS

Процентиль: 67%

0.00533

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

EPSS

Процентиль: 67%

0.00533

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434