CVE-2025-30372
CRITICAL 9.8
Description
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 3/28/2025
Last modified: 4/14/2025
Source: nvd
Honeypot sightings: 0
Affected products
emlog:emlog
Weaknesses (CWE)
CWE-89
References
https://github.com/emlog/emlog/security/advisories/GHSA-w6xc-r6x5-m77c (security-advisories@github.com)
https://github.com/emlog/emlog/security/advisories/GHSA-w6xc-r6x5-m77c (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.