Emlog Pro · CVE-2025-30372
**Name of the Vulnerable Software and Affected Versions**
Emlog Pro versions pro-2.5.7 through pro-2.5.8
**Description**
Emlog is an open source website building system. The issue arises because `search_controller.php` does not call `addslashes` after `urldecode`, so the `addslashes` escaping applied earlier can be bypassed with double URL encoding. This could result in potential leakage of sensitive information from the user database.
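The ordering problem described above, as an added PHP illustration (not Emlog's code; the function names and the sample keyword are constructed for this example). It compares escaping before decoding with decoding before escaping, and adds a simple check for values that were encoded more than once.

```php
<?php
// Added illustration only: hypothetical function names, not Emlog's source.

// Order described in the advisory: escape first, decode afterwards.
// Anything urldecode() produces is never seen by addslashes().
function escape_then_decode(string $param): string
{
    return urldecode(addslashes($param));
}

// Corrected order: decode first, then escape the value that will be used.
function decode_then_escape(string $param): string
{
    return addslashes(urldecode($param));
}

// Heuristic for input validation or log review: a value that still changes
// when decoded again was encoded more than once by the sender.
function has_residual_encoding(string $param): bool
{
    return rawurldecode($param) !== $param;
}

// Constructed sample. The client sends a double-encoded quote (%2527).
// PHP decodes the query string once before the application reads it,
// which is simulated here with a single urldecode() call.
$sent = 'a%2527b';
$seen_by_app = urldecode($sent);

$rows = [
    'escape then decode' => escape_then_decode($seen_by_app),
    'decode then escape' => decode_then_escape($seen_by_app),
];

foreach ($rows as $label => $value) {
    // A quote counts as escaped only when a backslash precedes it.
    $unescaped = preg_match("/(?<!\\\\)'/", $value) === 1;
    printf("%-20s %-8s unescaped quote: %s\n", $label, $value, $unescaped ? 'yes' : 'no');
}

printf("residual encoding in received value: %s\n",
    has_residual_encoding($seen_by_app) ? 'yes' : 'no');
```

Binding the keyword as a parameter in a prepared statement removes the dependence on escaping order altogether.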
**Recommendations**
For Emlog Pro versions pro-2.5.7 and pro-2.5.8, update to version pro-2.5.9 to fix the issue.
As a temporary workaround, consider restricting access to the `search_controller.php` file until a patch is available.