CNNVD-202510-1406 Information
Oct 10, 2025
cve
CNNVD ID
CNNVD-202510-1406
Related CVE
- CNNVD Published: 2025-10-10
Description (Chinese)
Emlog Pro是Emlog开源的一个博客系统。 Emlog Pro 2.5.19版本和更早版本存在跨站请求伪造漏洞,该漏洞源于密码更改端点存在跨站请求伪造,可能导致特权用户账户接管。
Description (English)
Emlog Pro is a blog system open to Emlog. Emlog Pro 2.5.19 and earlier versions have a false gap in cross-site requests, which stems from the existence of cross-site requests for forgery at the password change endpoint, which may lead to the taking over of privileged user accounts.
Hazard Level
Medium
Vulnerability Type
跨站请求伪造
Affected Vendor
Emlog
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/emlog/emlog/security/advisories/GHSA-m2qw-9wjx-qxm2
Patch
https://www.emlog.net/download
Share on: