CVE-2025-9296

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18

Description: A security vulnerability has been detected in Emlog Pro. The issue affects an unknown function within the /admin/blogger.php?action=update avatar file. Manipulation of the image argument allows for unrestricted file uploads, and the attack can be executed remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: Versions prior to 2.5.18 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.