CVE-2025-47785 HIGH

CVE-2025-47785: EMLOG SQL Injection Vulnerability

Vendor: Emlog
Product: emlog
Weakness: CWE-89 · SQLi
Published: May 15, 2025
Last update: May 19, 2025

CVSS base score

8.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

Emlog is an open source website building system. In versions up to and including 2.5.9, the $origContent parameter in admin/article_save.php is not strictly filtered, which allows SQL injection. Because admin/article_save.php can be accessed by ordinary registered users, the injection is reachable whenever user registration is enabled on the site. It allows the admin account and password to be obtained, which can then be used for remote code execution through the backend. As of time of publication, it is unknown whether a fix exists.

Key dates

02 Disclosure timeline

May 15, 2025: CVE published
May 19, 2025: Record updated