CVE-2024-46540

Name of the Vulnerable Software and Affected Versions Emlog Pro versions prior to 2.3.15

Description A remote code execution issue in the /admin/store.php component of Emlog Pro allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, obtaining system privileges.

Recommendations For versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/store.php component until a patch is applied. Avoid using the remote file download and self-extract functions in the affected component until the issue is resolved.