PT-2026-60533 · Emlog · Emlog

CVE-2026-46687

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v4.0

7.7

High

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api controller.php without validation, and log controller.php later checks file exists and calls include View::getView($template), allowing an authenticated author to include an arbitrary local .php file when an article is viewed. No fixed version is currently identified.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46687

Affected Products

Emlog