CVE-2025-47785

Published May 15, 2025

Last updated 15 days ago

CVSS high 8.3

Overview

Description: Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security-advisories@github.com: CWE-89

Hype score: Not currently trending

[CVE-2025-47785: HIGH] Critical cyber security vulnerability in Emlog versions up to 2.5.9! Unfiltered $origContent parameter allows SQL injection through admin/article_save.php, potentially leading to admin...#cve,CVE-2025-47785,#cybersecurity https://t.co/EsTD4uGBF7 https://t.c
@CveFindCom
15 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A4A329D-29E9-4C8E-8860-1721945EB1DE",
            "versionEndIncluding": "2.5.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References