CVE-2026-34788 in Emlog信息

摘要 (英语)

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escaping ($this->db->escape_string()), making it vulnerable to SQL injection attacks. At time of publication, there are no publicly available patches.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

负责

GitHub_M

预定

2026-03-30

披露

2026-04-04

状态

已确认

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
355249	Emlog Query String tag_model.php updateTagName SQL注入	89	未定义	未定义	CVE-2026-34788

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

来源

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!