CVE-2020-21013

Name of the Vulnerable Software and Affected Versions: emlog version 6.0.0

Description: The issue is a SQL injection that can be exploited via the /admin/comment.php API endpoint. This allows for potential unauthorized access or manipulation of database content.

Recommendations: For emlog version 6.0.0, as a temporary workaround, consider restricting access to the /admin/comment.php endpoint until a patch is available. Avoid using sensitive database operations in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.