Home
affected
Description
Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11.
Problem types
CWE-434: Unrestricted Upload of File with Dangerous Type
Product status
References
github.com/.../emlog/security/advisories/GHSA-8qwx-6jx6-94x4