PT-2026-60533 · Emlog · Emlog
CVE-2026-46687
·
Publicado
2026-07-16
·
Atualizado
2026-07-16
CVSS v4.0
7.7
Alta
| Vetor | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api controller.php without validation, and log controller.php later checks file exists and calls include View::getView($template), allowing an authenticated author to include an arbitrary local .php file when an article is viewed. No fixed version is currently identified.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Emlog