Main Vulnerability Database SB2026040952

SB2026040952 - Improper input validation in Emlog Pro

Published: April 9, 2026

Security Bulletin ID SB2026040952

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2025-47787)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in /admin/store.php when downloading and installing remotely supplied ZIP plugin files. A remote user can send a specially crafted request with a malicious plugin archive URL to execute arbitrary code.

The issue occurs in the plugin installation functionality and requires access to initiate the remote plugin download request.

Remediation

Install update from vendor's website.

References

https://github.com/emlog/emlog/security/advisories/GHSA-4mcj-8gvh-p753