SQL Injection Vulnerability in Emlog by Emlog Team
CVE-2021-30081

8.8HIGH

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 24 May 2021

What is CVE-2021-30081?

A security flaw was identified in Emlog version 6.0.0stable that permits SQL Injection attacks through the admin/navbar.php?action=add_page endpoint. This vulnerability enables attackers to execute arbitrary SQL statements, potentially exposing sensitive data stored on the server. It is crucial for users of Emlog to apply necessary security updates to mitigate this risk.

References

https://github.com/emlog/emlog/issues/74

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
Apr 2, 2021