Description
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use the remote file download and self-extract functions to upload webshells to the target server, thereby obtaining system privileges.
References (3)
Core References
Third Party Advisory
https://gist.github.com/microvorld/1c1ef9c3390a5d88a5ede9f9424a8bd2
Product
https://github.com/emlog/emlog
Exploit, Third Party Advisory
https://github.com/microvorld/CVE-2024/blob/main/emlog.md
Scores
CVSS v3
6.3
EPSS
0.0059
EPSS Percentile
69.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
Status
published
Products (1)
emlog/emlog
< 2.3.15
Published
Sep 30, 2024
Tracked Since
Feb 18, 2026