PT-2025-49559 · Emlog Pro · Emlog Pro
Published: 2025-12-08 · Updated: 2025-12-09
CVE-2025-61318
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Emlog Pro version 2.5.20
Description
Emlog Pro 2.5.20 contains a flaw that allows for arbitrary file deletion. This issue is present in the admin/template.php and admin/plugin.php components, which do not properly validate file paths or filter potentially harmful code during deletion operations. This lack of validation enables attackers to perform directory traversal, potentially leading to unauthorized file deletion.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the admin/template.php and admin/plugin.php components.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Emlog Pro
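
The path validation that the Description says is missing from the deletion handlers can be sketched as a containment check before any delete. This is an added example, not Emlog Pro code and not the vendor's fix; the helper names delete_within and remove_tree, the directory layout and the file names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: delete $name only if it resolves strictly inside $baseDir.
function delete_within(string $baseDir, string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false; // empty names and NUL bytes never reach the filesystem
    }
    $base = realpath($baseDir);
    // realpath() collapses "..", "." and symlinks; it returns false for missing paths.
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return false;
    }
    // Trailing separator so a sibling such as "plugins_old" cannot pass as "plugins".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false; // resolved outside the base directory, or is the base itself
    }
    return is_dir($target) ? remove_tree($target) : unlink($target);
}

function remove_tree(string $dir): bool
{
    foreach (scandir($dir) as $entry) {
        if ($entry === '.' || $entry === '..') continue;
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        // A symlink is unlinked as a link, never followed out of the tree.
        $ok = (is_dir($path) && !is_link($path)) ? remove_tree($path) : unlink($path);
        if (!$ok) return false;
    }
    return rmdir($dir);
}

// Constructed demo tree in a temporary directory (not Emlog's real layout).
$root = sys_get_temp_dir() . '/delete_demo_' . bin2hex(random_bytes(4));
mkdir("$root/plugins/sample", 0700, true);
file_put_contents("$root/plugins/sample/sample.php", '<?php');
file_put_contents("$root/config.php", '<?php');
var_dump(delete_within("$root/plugins", '../config.php')); // constructed traversal input
var_dump(delete_within("$root/plugins", 'sample'));        // legitimate plugin directory
var_dump(file_exists("$root/config.php"));                  // file outside the base
remove_tree($root);
```

The check runs on the resolved path rather than on the raw request value, so encoded or nested traversal sequences are judged by where they actually land on disk.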