CVE-2025-30372
Published: Mar 28, 2025
Modified: Mar 28, 2025
PUBLISHED
Description
Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use `addslashes` after `urldecode`, allowing the preceding `addslashes` to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
| emlog | emlog | affected >= pro-2.5.7, < pro-2.5.9 |
Weaknesses (CWE)
References
https://github.com/emlog/emlog/security/advisories/GHSA-w6xc-r6x5-m77c
x_refsource_CONFIRM