| Title | emlog EMLOG Pro <=Pro 2.6.8 Upload any file |
|---|
| Description | The plugin installation feature of emlog exhibits a significant security vulnerability. When uploading a plugin, the system only verifies the basic structure of the plugin package, yet it fails to conduct any security checks on the contents of the unzipped PHP files. An attacker can upload a plugin package containing malicious code, unzip it, and directly access the malicious PHP files to execute arbitrary system commands, thereby gaining complete control over the server. |
|---|
| Source | ⚠️ https://github.com/qingyun985/Cyber-Security/issues/2 |
|---|
| User | qingyunsec (UID 96803) |
|---|
| Submission | 03/30/2026 08:30 (3 months ago) |
|---|
| Moderation | 04/19/2026 19:02 (20 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 300089 [Emlog Pro 2.5.7 PHP File /views/plugin.php unrestricted upload] |
|---|
| Points | 0 |
|---|