CVE-2025-30372 Information
Description
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. search_controller.php does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
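The ordering problem described above, shown as an added PHP example that is not Emlog's code. The function names and the sample value are constructed for illustration, and the example assumes PHP has already applied its usual single decode to the query string before the application sees it.

```php
<?php
declare(strict_types=1);

// Hypothetical helper showing the flawed order: escape first, decode afterwards.
// addslashes() sees only percent-encoded text, finds nothing to escape,
// and the later urldecode() produces a quote that is never escaped.
function keyword_escape_then_decode(string $raw): string
{
    return urldecode(addslashes($raw));
}

// Hypothetical helper showing the corrected order: finish every decoding
// step first, then escape the value that will actually reach the query.
// Bound parameters (prepared statements) remove the dependency on escaping
// order altogether and are the sturdier fix.
function keyword_decode_then_escape(string $raw): string
{
    return addslashes(urldecode($raw));
}

// Defensive check for logging or rejection: a value that still contains a
// percent-encoded byte after the framework's own decode was encoded twice.
function has_residual_encoding(string $value): bool
{
    return preg_match('/%[0-9a-fA-F]{2}/', $value) === 1;
}

// Constructed sample: the request carried "%2527"; after PHP's automatic
// decode of the query string the application holds the literal text "%27".
$afterFirstDecode = '%27';

$flawed = keyword_escape_then_decode($afterFirstDecode);
$fixed  = keyword_decode_then_escape($afterFirstDecode);

printf("escape then decode: %s\n", $flawed);
printf("decode then escape: %s\n", $fixed);
printf("quote left unescaped by flawed order: %s\n",
    var_export($flawed === "'", true));
printf("quote escaped by corrected order: %s\n",
    var_export($fixed === "\\'", true));
printf("input flagged as double encoded: %s\n",
    var_export(has_residual_encoding($afterFirstDecode), true));
```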
Reference
https://github.com/emlog/emlog/security/advisories/GHSA-w6xc-r6x5-m77c