Description
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/Myanemo/emlogpro/blob/main/emlog%20pro2.3.2%20File%20upload%20to%20getshell.md
Scores
CVSS v3
6.3
EPSS
0.8579
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (2)
emlog/emlog
2.3.0
emlog/emlog
2.3.2
Published
May 06, 2024
Tracked Since
Feb 18, 2026