CVE-2023-39121
published 2023-08-03CVE-2023-39121: emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
PriorityP348high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EXPLOIT
EPSS
2.26%
80.8th percentile
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emlog | emlog | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Emlog 2.1.9 - SQL Injection
nuclei·CVSS 7.2
CVE-2023-39121 [HIGH] Emlog 2.1.9 - SQL Injection
Emlog 2.1.9 - SQL Injection
emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files.
Template:
id: CVE-2023-39121
info:
name: Emlog 2.1.9 - SQL Injection
author: wjch611
severity: high
description: |
emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files.
impact: |
Attackers with admin credentials can execute arbitrary SQL commands, potentially leading to privilege escalation, data leakage, modification, or deletion.
remediation: |
Update to the latest version of emlog or apply security patches addressing the SQL injectio
No writeups or analysis indexed.
2023-08-03
Published