Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip
CVE-2025-44139

[Affected Component]
emlog Pro V2.5.7

[Attack Vectors]
Create a shell.zip compressed file. The shell folder should be placed inside this compressed file, and the shell.php file should be placed under the shell folder (so that the server parses it, which verifies that the vulnerability exists). Note that the names of the compressed file, the folder, and the file must be the same.

Log in to the admin backend -> Plugin navigation -> Install a plugin -> Upload the constructed shell.zip -> A shell folder is generated under the path ip:port/emlog/content/plugins -> The shell folder contains the malicious shell.php file.
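For defenders, the sequence above leaves a recognizable trail in web access logs: a POST to plugin.php?action=upload_zip followed by a direct request for a .php file under content/plugins. The following detection sketch is an added example, not part of the original advisory or of emlog; it assumes Apache/nginx combined-format logs in chronological order, and the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed log format: Apache/nginx "combined", lines in chronological order.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Direct request for a .php file inside a plugin folder (path from the advisory).
PLUGIN_PHP = re.compile(r'/content/plugins/[^/]+/[^/]+\.php$', re.I)

def find_upload_then_exec(lines):
    """Return (client, upload_time, path) for every client that completed a
    plugin.php?action=upload_zip POST and later got a 2xx response for a
    .php file requested directly under content/plugins/."""
    uploads = {}  # client address -> timestamp of first accepted upload
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)
        is_upload = (method == "POST"
                     and path.endswith("/admin/plugin.php")
                     and parse_qs(url.query).get("action") == ["upload_zip"])
        if is_upload and status[0] in "23":  # accepted, or redirect after install
            uploads.setdefault(ip, ts)
        elif ip in uploads and status[0] == "2" and PLUGIN_PHP.search(path):
            hits.append((ip, uploads[ip], path))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/May/2025:10:00:01 +0000] "POST /emlog/admin/plugin.php?action=upload_zip HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [10/May/2025:10:00:05 +0000] "GET /emlog/content/plugins/example/example.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [10/May/2025:10:01:00 +0000] "GET /emlog/content/plugins/tips/tips.php HTTP/1.1" 200 40 "-" "-"',
    '198.51.100.9 - - [10/May/2025:10:02:00 +0000] "POST /emlog/admin/plugin.php?action=upload_zip HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.9 - - [10/May/2025:10:02:03 +0000] "GET /emlog/content/plugins/example/example.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, path in find_upload_then_exec(SAMPLE):
        print(f"{ip} uploaded a plugin zip at {ts}, then requested {path}")
```

Legitimate plugin installs also produce the upload request, so each hit is a triage lead: compare the flagged folder under content/plugins against the plugins the site is known to run.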