CVE-2025-47785

Name of the Vulnerable Software and Affected Versions: Emlog versions up to and including 2.5.9

Description: The issue occurs due to a SQL injection vulnerability in the $origContent parameter in admin/article save.php, which is not strictly filtered. This allows registered users to access admin/article save.php, resulting in the injection of the admin account and password. The vulnerability can then be exploited for backend remote code execution.

Recommendations: For Emlog versions up to and including 2.5.9, as a temporary workaround, consider restricting access to the admin/article save.php file to prevent exploitation. Additionally, avoid using the $origContent parameter in the affected admin/article save.php file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.