CNNVD-202601-1799 Information
CNNVD ID
CNNVD-202601-1799
Related CVE
-
CNNVD Published: 2026-01-12
Description (Chinese)
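emlog is an open-source CMS website-building system from emlog, based on PHP and MySQL. emlog v2.6.1 and earlier versions contain a code issue vulnerability. The vulnerability stems from a REST API endpoint that does not properly validate file type, extension, and content, which may allow an authenticated attacker to upload arbitrary files, including malicious PHP scripts, resulting in remote code execution.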
Description (English)
Emlog is a CMS website-building system based on PHP and MySQL. Emlog v2.6.1 and earlier versions contain a code issue vulnerability. It stems from a REST API endpoint that does not properly validate the type, extension, and content of uploaded files, which could allow an authenticated attacker to upload arbitrary files, including malicious PHP scripts, leading to remote code execution.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Emlog
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/emlog/emlog/commit/429b02fda842254b9b9b39303e9161999c180560
https://github.com/emlog/emlog/security/advisories/GHSA-p837-mrw9-5x5j
Patch
https://github.com/emlog/emlog/releases