CVE-2023-43291

CRITICAL

emlog pro <2.1.15 - Code Injection

Title source: llm

Description

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.

References (1)

Scores

CVSS v3 9.8
EPSS 0.1762
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

emlog/emlog < 2.1.15

Timeline

Published Sep 27, 2023
Tracked Since Feb 18, 2026