CVE-2026-34228
Severity: MEDIUM
Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write
Title source: cna
Description
Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This process does not validate a CSRF token. Therefore, an attacker only needs to trick an authenticated administrator into visiting a malicious link to achieve arbitrary SQL execution and arbitrary file write. This issue has been patched in version 2.6.8.
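The root cause described above is a state-changing admin action reachable by a plain GET request with no request-specific secret. The following is an added example, not Emlog's code or its actual patch: a PHP pattern for protecting such an action with a session-bound CSRF token and a POST-only handler (function names such as require_csrf_token and handle_upgrade are hypothetical).

```php
<?php
// Added example (not Emlog's code): CSRF protection for a state-changing
// admin action such as a backend upgrade. Function names are hypothetical.
session_start();

// Issue one unguessable token per session and embed it in the admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject the request unless it is a POST carrying a token that matches the
// one stored in the administrator's session (constant-time comparison).
function require_csrf_token(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('State-changing actions must use POST');
    }
    $submitted = $_POST['csrf_token'] ?? '';
    $expected  = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $submitted)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Upgrade handler: the token check runs before any download, SQL execution
// or archive extraction is attempted, so a forged cross-site request does
// nothing.
function handle_upgrade(): void
{
    require_csrf_token();
    // ... verify the administrator's privileges, then run the upgrade using
    // server-side configured sources rather than caller-supplied URLs.
}

// The form carries the token in the request body, never in the URL, so a
// link the administrator is tricked into opening cannot supply it.
function render_upgrade_form(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="upgrade.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<button type="submit">Upgrade</button></form>';
}
```

Setting the session cookie with SameSite=Lax or Strict (for example via session_set_cookie_params) adds a browser-enforced second layer, but it does not replace the token check.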
References (2)
x_refsource_confirm: https://github.com/emlog/emlog/security/advisories/GHSA-2rcc-jg83-34vp
x_refsource_misc: https://github.com/emlog/emlog/commit/4c3b8f3486e2c9caafee38a5eedb3cd16f8c8d6f
Scores
CVSS v3: 6.5
EPSS: 0.0019
EPSS Percentile: 8.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-352
Status: published
Products (1): emlog/emlog < 2.6.8 (2 CPE variants)
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026