CVE-2025-9173

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18

Description: A weakness has been identified that allows for unrestricted file upload. This issue affects the processing of the file /admin/media.php?action=upload&sid=0. Manipulation of the File argument can lead to the vulnerability. The attack can be launched remotely, and an exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Versions prior to 2.5.18 are affected. As a temporary workaround, consider restricting access to the /admin/media.php file to minimize the risk of exploitation.