CNNVD-202601-078 Information

CNNVD ID

CNNVD-202601-078

Related CVE

CVE-2026-21433

• CNNVD Published: 2026-01-02

Description (Chinese)

emlog是emlog开源的一套基于PHP和MySQL的CMS建站系统。 Emlog 2.5.19及之前版本存在代码问题漏洞，该漏洞源于通过上传SVG文件可能导致服务器端带外请求或服务端请求伪造，从而探测内部网络和泄露元数据或凭据。

Description (English)

Emlog is a CMS station system based on PHP and MySQL. Emlog 2.5.19 and previous versions had a code gap, which stemmed from the fact that uploading of SVG documents could result in external requests from the server or requests from the service side for forgery, thus detecting internal networks and disclosing metadata or evidence.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Emlog

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/emlog/emlog/security/advisories/GHSA-6rwr-c8hc-mjj4 https://access.redhat.com/security/cve/cve-2026-21433

Patch

https://github.com/emlog/emlog/releases