CVE-2021-30081

Name of the Vulnerable Software and Affected Versions emlog version 6.0.0stable

Description The issue is related to a SQL Injection vulnerability. This vulnerability can execute any SQL statement and query server sensitive data via the "admin/navbar.php?action=add page" endpoint. The action parameter is used to add a page, which is vulnerable to SQL injection attacks.

Recommendations For emlog version 6.0.0stable, as a temporary workaround, consider restricting access to the "admin/navbar.php?action=add page" endpoint until a patch is available. Avoid using the action parameter with the value "add page" in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.