Lan041221

**Name of the Vulnerable Software and Affected Versions** Emlog versions prior to 2.6.11 **Description** Insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, which can lead to complete server compromise and the installation of a persistent backdoor. **Recommendations** Update to version 2.6.11.

**Name of the Vulnerable Software and Affected Versions** Emlog versions prior to 2.6.11 **Description** Missing Cross-Site Request Forgery (CSRF) protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions. These actions include system registration, plugin management, and configuration changes. CSRF is a flaw where a malicious site tricks a user's browser into sending an unauthorized request to a web application where the user is authenticated. **Recommendations** Update to version 2.6.11.

**Name of the Vulnerable Software and Affected Versions** Emlog versions prior to 2.6.11 **Description** Direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands. This can lead to complete database compromise, data theft, or system destruction. **Recommendations** Update to version 2.6.11.