File Upload Vulnerability in Emlog Pro by Emlog
CVE-2025-47787

8.9HIGH

Key Information:

Vendor: Emlog
Status: Emlog
Vendor: CVE Published:; 15 May 2025

What is CVE-2025-47787?

Emlog Pro, an open-source website building system, is subject to a significant file upload vulnerability within its store.php component. This vulnerability arises from inadequate validation of content in remotely downloaded ZIP plugin files. Attackers can exploit this weakness to execute arbitrary code on systems running affected versions, leading to serious security risks. Version 2.5.10 addresses and mitigates this flaw. It is crucial for users to upgrade to this version or later to protect their systems from such exploits.

Affected Version(s)

emlog < 2.5.10

References

https://github.com/emlog/emlog/security/advisories/GHSA-4...

x_refsource_CONFIRM

https://github.com/emlog/emlog/commit/691c13e90df2fb35e12...

x_refsource_MISC

CVSS V4

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2025
Vulnerability Reserved
May 9, 2025