Deserialization Vulnerability in Emlog Pro by Emlog
CVE-2023-43291

9.8CRITICAL

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-43291?

A deserialization vulnerability has been identified in Emlog Pro versions 2.1.15 and earlier, allowing remote attackers to exploit the cache.php component. This flaw enables the execution of arbitrary code, posing significant security risks to affected users. Organizations using these versions are advised to update to mitigate potential threats.

References

https://gist.github.com/Dar1in9s/e3db6b04daacb68633a97581...

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 18, 2023