Submit #792704: emlog EMLOG Pro <=Pro 2.6.8 Upload any fileinfo

Titleemlog EMLOG Pro <=Pro 2.6.8 Upload any file
DescriptionThe plugin installation feature of emlog exhibits a significant security vulnerability. When uploading a plugin, the system only verifies the basic structure of the plugin package, yet it fails to conduct any security checks on the contents of the unzipped PHP files. An attacker can upload a plugin package containing malicious code, unzip it, and directly access the malicious PHP files to execute arbitrary system commands, thereby gaining complete control over the server.
Source⚠️ https://github.com/qingyun985/Cyber-Security/issues/2
User
 qingyunsec (UID 96803)
Submission03/30/2026 08:30 (3 months ago)
Moderation04/19/2026 19:02 (20 days later)
StatusDuplicate
VulDB entry300089 [Emlog Pro 2.5.7 PHP File /views/plugin.php unrestricted upload]
Points0

Do you know our Splunk app?

Download it now for free!