Описание
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:emlog:emlog:2.5.20:*:*:*:pro:*:*:*
EPSS
Процентиль: 79%
0.0125
Низкий
9.1 Critical
CVSS3
5.3 Medium
CVSS3
Дефекты
NVD-CWE-Other
CWE-24
Связанные уязвимости
CVSS3: 6.5
github
2 месяца назад
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal.
EPSS
Процентиль: 79%
0.0125
Низкий
9.1 Critical
CVSS3
5.3 Medium
CVSS3
Дефекты
NVD-CWE-Other
CWE-24